OpenBSD as a proxy server


squid

# cd /usr/ports/www/squid
# make install clean

/etc/rc.local

    # Launch Squid at boot, but only when the binary is present and executable.
    if test -x /usr/local/sbin/squid
    then
        echo -n ' squid'
        /usr/local/sbin/squid
    fi

/etc/squid/squid.conf

...
# Listen on this single LAN address and port 8083 only, not on every interface.
http_port 172.30.28.239:8083
...
# Cache administrator contact address. NOTE(review): the value looks like a
# placeholder; set a real admin mailbox.
cache_mgr bill.gates@microsoft.com
...
# Password string Squid sends for anonymous FTP logins.
ftp_user kkk@ltu.com
...
# Access-log line layout. %>a is the client address, %ru the requested URL and
# %un the user name, so the log ties each full URL to a client.
logformat squid %ts.%03tu %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
...
#acl Safe_ports port 70         # gopher and others..
...
# Hosts exempt from the CONNECT restriction below. Membership is by source IP
# only; nothing in this excerpt authenticates the client.
acl vip src 172.30.28.239 172.30.28.249 172.30.28.214 172.30.28.211 172.30.28.174 172.30.28.85
# 4skype
acl connect method CONNECT
# Every ACL on one http_access line must match, so this denies CONNECT to a
# port outside Safe_ports unless the client is in vip. CONNECT to any port that
# is in Safe_ports is not stopped by this line.
# NOTE(review): the Safe_ports definition and the stock
# "deny CONNECT !SSL_ports" rule are elided here; if that stock rule was
# removed, CONNECT tunnels to every Safe_ports port are open to the whole LAN.
http_access deny !Safe_ports connect !vip all
...
# http_access rules are checked top to bottom and the first match decides:
# the /24 is allowed, every other source is refused, so the proxy is not open
# to outside clients.
acl our_networks src 172.30.28.0/24
http_access allow our_networks
http_access deny all
...
# On-disk cache: ufs store under /var/squid/cache, 15000 MB, 16 first-level and
# 256 second-level directories.
cache_dir ufs /var/squid/cache 15000 16 256
...

# /usr/local/sbin/squid -z
# /usr/local/sbin/squid -d 1 -N

squidguard

# cd /usr/ports/www/squidguard/
# make install clean

/etc/squidguard/squidguard.conf

# Root for the list files; the relative blacklists/... paths used by the dest
# blocks resolve under it.
dbhome /var/squidguard/db
# Root for log files; the relative dest/*.log paths resolve under it.
logdir /var/squidguard/log

# Client groups are defined by source IP only.
# NOTE(review): 172.30.28.239, .249, .128 and .4 also fall inside the lan /24.
# squidGuard is expected to use the first matching src group, so the narrower
# groups must stay above lan - confirm against the squidGuard documentation.
src vip {
# proxy.perl.lt
    ip 172.30.28.239
# universe.perl.lt
    ip 172.30.28.249
}


# Restricted hosts; see the den rule in the acl block.
src den {
    ip  172.30.28.128
    ip 172.30.28.4
}

# Everyone else on the local /24.
src lan {
    ip  172.30.28.0/24
}

# Destination categories. domainlist names a file of domains and expressionlist
# a file of regular expressions, both relative to dbhome; log names a file
# relative to logdir.
# NOTE(review): "log anonymous" is understood to leave the client identity out
# of the log line, which prevents attributing a blocked request to a host -
# confirm this is the intended trade-off.
# NOTE(review): every list file named here has to exist and be readable by the
# squid user; squidGuard typically reacts to a missing list by entering
# emergency mode and passing requests unfiltered. The setup commands on this
# page create domains/regexp explicitly only under ads (the rest is elided) and
# create no lanas directory.
dest video {
 domainlist      blacklists/video/domains
 expressionlist  blacklists/video/regexp
 log anonymous  dest/video.log
}

dest chat {
 domainlist      blacklists/chat/domains
 expressionlist  blacklists/chat/regexp
 log anonymous  dest/chat.log
}

# misc and ads are matched by domain only (no expressionlist).
dest misc {
 domainlist      blacklists/misc/domains
 log anonymous  dest/misc.log
}
dest ads {
 domainlist      blacklists/ads/domains
 log anonymous  dest/ads.log
}

dest games {
 domainlist      blacklists/games/domains
 expressionlist  blacklists/games/regexp
 log anonymous  dest/games.log
}

dest porn {
 domainlist      blacklists/porn/domains
 expressionlist  blacklists/porn/regexp
 log anonymous  dest/porn.log
}

# lanas is the list the den group is allowed to reach (see the acl block).
# NOTE(review): it logs to kitron.log, not lanas.log, and the touch command on
# this page does not create kitron.log.
dest lanas {
 expressionlist  blacklists/lanas/regexp
 log anonymous  dest/kitron.log
}

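# Policy per client group. Each "pass" list is read left to right; a "!" entry
# blocks that category, "all" allows what is left and "none" blocks it.
acl {
    # vip: unfiltered.
    vip {
        pass all
    }
    # den: only URLs matching the lanas expression list, nothing else.
    den {
        pass lanas none
    }
    # lan: everything except the listed categories.
    lan {
        pass !video !chat !misc !ads !games !porn all
    }
    # default: clients that match no src group are blocked.
    default {
        pass none
        # Block page. %a is the client address and %u the requested URL, placed
        # into the query string as-is. The index.pl shown on this page ignores
        # both; if it is ever changed to display them, it must HTML-escape them.
        redirect  http://proxy.perl.lt/denied/index.pl?ip=%a&url=%u
    }
# The acl block needs this closing brace. An unterminated block is a config
# error, and squidGuard typically answers config errors by entering emergency
# mode, in which requests pass unfiltered - check the squidGuard log after
# every config change.
}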
# mkdir /var/squidguard/db/blacklists
# cd /var/squidguard/db/blacklists
# mkdir ads chat games misc porn video
# cd ads
# touch domains regexp
...
# mkdir /var/squidguard/log
# cd /var/squidguard/log/dest
# touch ads.log chat.log games.log misc.log porn.log video.log
# chown -R _squid:_squid /var/squidguard/

domains

youtube.com
video.google.com
video.yahoo.com

regexp

(bondage|boobs|busty|hardcore|porno|sex|xxx)
(skype)
(^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)
\.(avi|mpg|mpeg|wmv|asf|mov|mp3)$
(videogaga)
(game|travian|zaidimai|pool|gaming)

blacklists/lanas/regexp (siuo atveju skirtas tam kad atidrausti visiem)

(proxy.perl.lt)

index.pl

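#!/usr/bin/perl
# Block page for squidGuard: prints a static "ACCESS DENIED!" page with one
# randomly chosen picture from the pic/ directory (relative to the directory
# the CGI runs in).
# The ip= and url= query parameters that the squidGuard redirect appends are
# deliberately not read or echoed, so no request data reaches the HTML.
use strict;
use warnings;

# List pic/ directly instead of running `ls` through a shell; keep plain files
# only and skip dotfiles.
my @pic;
if (opendir(my $dh, 'pic')) {
    @pic = grep { !/^\./ && -f "pic/$_" } readdir($dh);
    closedir($dh);
}

# rand() seeds itself on first use. Pick nothing when the directory is empty
# or unreadable rather than emitting a broken image URL.
my $img = @pic ? $pic[int(rand(@pic))] : undef;

my $img_tag = '';
if (defined $img) {
    # The name comes from the filesystem, not from the request, but it is
    # percent-encoded anyway so a quote, space or newline in a file name cannot
    # break out of the src attribute.
    (my $safe = $img) =~ s/([^A-Za-z0-9._~-])/sprintf('%%%02X', ord($1))/ge;
    $img_tag = '<img src="http://proxy.perl.lt/denied/pic/' . $safe . '"><br>';
}

print "content-type: text/html\n\n";

print '
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>denied</title>
</head>
<body>
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td align="center" valign="middle">
        ' . $img_tag . 'ACCESS DENIED!
    </td>
  </tr>
</table>
</body>
</html>
';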
# echo "http://www.blocked.site 1.2.3.4/- user GET -" | squidGuard -c /etc/squidguard/squidguard.conf -d

/etc/squid/squid.conf

...
# Hand each request URL to squidGuard, which answers with pass or a redirect.
url_rewrite_program   /usr/local/bin/squidGuard
...
# Requests matching the localhost ACL are not sent to the rewriter, so
# squidGuard's policy is not applied to them.
url_rewrite_access    deny  localhost
...
# squid -k reconfigure

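adzapper (http://adzapper.sourceforge.net)

The tarball below is downloaded over plain HTTP and its scripts are then copied into /usr/local/bin as root, so check it against a checksum or signature obtained from a trusted source before unpacking it.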

# wget http://adzapper.sourceforge.net/adzap-20080508.tar.gz
# tar xfz adzap-20080508.tar.gz
# cd adzap/scripts
# cp squid_redirect wrapzap zapchain /usr/local/bin/
# chmod 755 /usr/local/bin/squid_redirect /usr/local/bin/wrapzap /usr/local/bin/zapchain
# mv ../zaps/ /var/www/icons/adzapper

/usr/local/bin/wrapzap

...
# Paths of the two URL rewriters that are chained at the bottom of this script.
zapper=/usr/local/bin/squid_redirect
squidguard=/usr/local/bin/squidGuard
...
# Base URLs for the replacement images; these correspond to the zaps/ directory
# moved to /var/www/icons/adzapper earlier on this page.
ZAP_BASE=http://proxy.perl.lt/icons/adzapper  # a local web server will be better
ZAP_BASE_SSL=https://proxy.perl.lt/icons/adzapper # this can probably be ignored
...
# exec "$zapper"
# Run zapchain with both rewriters instead of the ad zapper alone, so that
# squidGuard's policy is still consulted.
# NOTE(review): confirm zapchain's ordering and that a failure of either helper
# does not leave URLs unfiltered.
exec /usr/local/bin/zapchain "$zapper" "$squidguard"
...

/etc/squid/squid.conf

# Previous direct squidGuard hook, left commented out.
#url_rewrite_program   /usr/local/bin/squidGuard
# wrapzap is now the rewriter; per the wrapzap excerpt on this page it execs
# zapchain with both squid_redirect and squidGuard, so filtering depends on
# that chain staying intact.
url_rewrite_program  /usr/local/bin/wrapzap
# squid -k reconfigure