I am using Untangle as a base operating system to run squid proxy, as Untangle has some good features such as port forwarding & bridge mode. So that there is no need to touch your existing configuration (e.g. firewall, end users desktops, router & switch) we are going to use these features for configuring squid proxy in a transparent mode.
I am using normal desktop machine with 4GB Ram, 2 NIC & 250 GB Hard Drive.
Untangle Install Steps:-
Install Untangle from CD or ISO image file on VMware ESX or on a physical machine. Physical machine is always preferred for Untangle. Untangle installation is straight forward follow below steps to install untangle,
1) Begin by starting your computer with the Untangle Install CD inserted.
2) If after a couple minutes you do not see the Choose Language screen, you may need to instruct your computer to boot from the CD drive.
3) Follow the steps in the wizard.
4) When the Installation is complete, the system will reboot. Remember to remove the CD. You are ready to begin configuring Untangle.
Edit below file & comment first line to install APPS on Untangle.
Also disable the automatic updates on 6.2 version (go to http://yourproxyconfig?Upgrades?Upgrade Setup?Do not automatically install upgrades.)
Webmin install completed. You can now login to https://yourproxy:10000/
Configure a packet filter for webmin (Packet Filter) Login to admin page, click on CONFIG, NETWORKING. At the top right click on ADVANCED to enable advanced mode. If this is the first time, it will try to run a wizard which you can cancel. After ADVANCED mode has been enabled, click on the down arrow to the right of the word ADVANCED and select PACKET FILTER. Click on ADD which will add it to the selection. Click on the EDIT icon and make your screen match the following:
Add the following under their respective sections:
http_access allow mytricks
cache_mem 32 MB
cache_dir ufs /var/spool/squid 5000 16 256
#Configure a port forwarding in Untangle for all users you want to monitor Login to admin page, click on CONFIG, NETWORKING. At the top click on PORT FORWARDS. Click on ADD which will add it to the selection. Make your screen match the following:
DESCRIPTION: Squid Redirect
DESTINATION PORT: 80
SOURCE INTERFACE: Internal
NEW DESTINATION: 192.168.175.230 (change this to YOUR internal Untangle IP)
NEW PORT: 3128
#Configure a packet filter for webmin (Packet Filter) Login to admin page, click on CONFIG, NETWORKING. At the top click on ADVANCED to enable advanced mode. If this is the first time, it will try to run a wizard which you can cancel. After advanced mode has been enabled, click on the down arrow to the right of the word ADVANCED and select PACKET FILTER. Click on ADD which will add it to the selection. Make your screen match the following:
NAME: Squid Proxy
SOURCE INTERFACE: Internal
DESTINATION PORT 3128
PROTOCOL: TCP Destined local
# Restart UT affected UT services
9. Deny logging of particular URL in access.log
I am denying logging of the few URL’s such sharepoint server (e.g 192.168.100.200) as all uses contacts Sharepoint server & it generates lots of internet logs. We do not want these logs.
Add below entries
acl logging url_regex http://192.168.100.200 (create acl & deny that acl form logging to access.log)