This week, I had a client who was having issues with his router. After years of use, its performance had begun to degrade. The office is small, with 6 computers, and his only requirements were a router that can block roughly 30 domains and still perform well.
I arrived at his office and found he had purchased a shiny new Cisco Linksys WRT320N router for $100 from Futureshop. It looks sleek and sexy. I disconnected his D-Link DIR-615 and proceeded to set up the new one. After getting through the setup, enabling the wireless, and specifying which systems would obtain which IP address, I found that the router can only block 4 domains.
It’s situations like these where you realize there is a good solution for all of this, and it happens to start with Vyatta. I brought over a computer with a second network card installed and ran through the main setup of the router. Now, for domain or URL filtering, my understanding is that there is no limit with Vyatta.
Run the commands below, with the webproxy listening on the internal interface that connects the switch to the router.
set service webproxy listen-address 10.10.0.1
set service webproxy url-filtering squidguard local-block twitter.com
set service webproxy url-filtering squidguard local-block facebook.com
set service webproxy url-filtering squidguard local-block youtube.com
commit
There are also some extra cool features if you are looking for an added level of security. SquidGuard allows you to use blacklists with Squid, and the great thing about it is that it’s totally free. One of those cool features is the ability to block adware and spyware without having to figure out what to block yourself. You can use the commands below to use the lists managed by Squid.
set service webproxy listen-address 10.10.0.1
set service webproxy url-filtering squidguard block-category ads
set service webproxy url-filtering squidguard block-category gambling
set service webproxy url-filtering squidguard block-category malware
set service webproxy url-filtering squidguard block-category phishing
set service webproxy url-filtering squidguard block-category porn
set service webproxy url-filtering squidguard block-category spyware
set service webproxy url-filtering squidguard block-category warez
commit
And with a few lines of commands, you can protect your network better.
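For a longer block list, such as the roughly 30 domains this client needed, the local-block commands can be generated from a plain text list instead of typed by hand. The script below is an added example, not part of the original post: the function names and the sample list are assumptions made for illustration, and it only prints commands for pasting into configuration mode.

```shell
#!/bin/sh
# Added example: turn a site list into Vyatta webproxy local-block commands.

# Reduce one entry to a bare lowercase hostname (drops scheme, port, path).
normalize_domain() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's#^[a-z][a-z0-9+.-]*://##' -e 's#[/:?].*$##' -e 's/\.$//'
}

# Accept only well-formed hostnames so stray shell or CLI syntax never
# ends up in the generated commands.
is_valid_domain() {
    printf '%s\n' "$1" |
        grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# stdin: one entry per line ("#" starts a comment); $1: listen address.
# stdout: commands to paste in configuration mode; stderr: rejected entries.
gen_webproxy_config() {
    seen=""
    echo "set service webproxy listen-address $1"
    while IFS= read -r line || [ -n "$line" ]; do
        d=$(normalize_domain "${line%%#*}")
        if [ -z "$d" ]; then continue; fi
        if ! is_valid_domain "$d"; then
            echo "skipped invalid entry: $line" >&2
            continue
        fi
        case " $seen " in *" $d "*) continue ;; esac   # drop duplicates
        seen="$seen $d"
        echo "set service webproxy url-filtering squidguard local-block $d"
    done
    echo "commit"
}

# Constructed sample input, including a duplicate and a malformed entry.
sample_list() {
    cat <<'EOF'
twitter.com
https://www.Facebook.com/login
youtube.com   # video
twitter.com
bad;entry
EOF
}

sample_list | gen_webproxy_config 10.10.0.1
```

Rejected entries are reported on stderr, so the generated commands can be redirected to a file and reviewed before they are pasted into the router.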
Hi, I'm just new to Vyatta and I was trying to configure the blocking by category using Squid. My problem is that when I try to commit after setting the following:
set service webproxy listen-address x.x.x.x
set service webproxy url-filtering squidguard block-category ads
I got this error: warning no blocklist installed
unknown block-category [ads] for policy default [default]
How can I install the blocklist and what should I do to clear this error?
Thank you so much for any response it would surely help a lot.
Thanks,
Regards,
Lorenze
Hello Lorenze,
You have to first install the blocklist before you can go ahead and set up the content filtering. The command is: update webproxy blacklists
You have to first run that command so that Vyatta can install and update the blocklist beforehand. Let me know how it goes.
Late reply to this post, but I found it wandering around and I feel the need to be polite…
You should run “update webproxy blacklists” so it can download the blacklists that you need. You do this at the first level of the CLI before entering config mode (the one that displays the “$” at the end, for example user@router:~$).
You probably already figured this out, but this is for other people that see this some other time.
@ lorenze
You need to update your squidGuard blocklists:
update webproxy blacklists
Please, I use Vyatta web filtering.
It seems to be good, but
I need to let some people have full access and others limited access.
I have the Vyatta VC 5. edition.
I found on the net that there is a command like sous-group that helps in my case, but it doesn't work; it seems that I need the Vyatta Plus edition.
Is that right?
And is there no way to install that option on my Vyatta VC system?
And how to block https? – https://facebook.com
I know this thread is a little dated, but I have a custom IP list to block (that I have on a web server). Is there a way I can incorporate that into what you have above also?
Thank you for the tip on squid!
Sam
Squidblacklist.org is the world's leading publisher of native ACL blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as many other filtering platforms. Including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more. Our adult blacklist contains over 1.2 million domains, we have unique blacklists that you will not find any other place.
There is room for better blacklists, we intend to fill that gap.
It would be our pleasure to serve you.
Signed,
Benjamin E. Nichols
http://www.squidblacklist.org
Hello
Thank you so much for this great tut. I am wondering if there exists a blacklist to block everything; I would like to block all internet access and let the user use only my domain and subdomains.
Thank you so much.
When I try to update the webproxy blacklist,
after completion of the download, it shows a Bad file descriptor message. What do I do to update the file list now?
Hi, it seems that I can’t get “set service webproxy url-filtering squidguard local-block facebook.com” and “set service webproxy url-filtering squidguard local-block twitter.com” to work. The sites can still be accessed by the computers in my network. Does this have to do with the HTTPS accessed on the said sites?
Hope somebody can help me on this.
Thanks.
Btw, I tried the default-action block, and all websites were blocked except for facebook.com and twitter.com. I’m not sure how this is happening.
I don’t want to reformat and reinstall vyatta but if worst comes to worst I might do just that and re-configure.
Hi Guys,
I have configured the web proxy in VirtualBox. I’m getting an error like “webproxy may not work properly without a name server”.
Can anyone please tell me what is this?