SquidGuard is a URL redirector used to use blacklists with the proxysoftware Squid. There are two big advantages to squidguard: it is fast and it is free.
Pound
Primary tabs
Installation
Create a directory to work in:
mkdir -p /extra/src
cd /extra/src
Download and unpack the source:
wget https://github.com/graygnuorg/pound/releases/download/v4.13/pound-4.13.tar.gz
tar zxf pound-4.13.tar.gz
cd pound-4.13
Configure it, then build and install:
./configure --with-ssl
make
make install
Basic Configuration
Create a config file /usr/local/etc/pound.cfg
for a basic setup to proxy requests to an internal server:
## sample pound.cfg
#
User "nobody"
Group "nobody"
## Logging: (goes to syslog by default)
## 0 no logging
## 1 normal
## 2 extended
## 3 Apache-style (common log format)
LogLevel 1
## Log to stdout
LogFacility -
## check backend every X secs:
Alive 30
## Run in foreground for daemontools startup
Daemon 0
ListenHTTP
Address 127.0.0.1
Port 80
Service
Host ".*www.server0.com.*"
BackEnd
Address 192.168.0.10
Port 80
End
End
End
Automatic Startup
We're going to use daemontools.
If you haven't already, install daemontools.
Create a directory for the Pound service:
mkdir -m 1755 /var/service/pound
cd /var/service/pound
Create the run script and make it executable:
echo '#!/bin/sh' > run
echo 'exec /usr/local/sbin/pound' >> run
chmod 755 run
Our log script comes from John Simpson:
mkdir -m 755 log
cd log
wget http://qmail.jms1.net/scripts/service-any-log-run
mv service-any-log-run run
chmod 755 run
Finally, add the service to daemontools by creating the symbolic link in /service
ln -s /var/service/pound /service/pound
Confirm that the service is running:
svstat /service/pound /service/pound/log
IP addresses and X-Forwarded-for
When running behind the Pound proxy, the web server will see the proxy's IP address as the source of the traffic. To get the actual IP address, adjust the program's logging to use the X-Forwarded-for.
- Apache - edit
/usr/local/apache2/conf/http.conf
and add a new log format for Pound:
LogFormat ""%{X-Forwarded-for}i" %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" "%{forensic-id}n"" poundcombined
Then adjust
AccessLog
directive in yourVirtualHost
configuration in
/usr/local/apache2/conf/extra/httpd-vhosts.conf<code>:
<code>
CustomLog /var/websites/domain/logs/domain-access_log poundcombined - Drupal
Edit your site'ssettings.php
file to enable using theX-Forwarded-for
header:$conf['reverse_proxy'] = TRUE;
$conf['reverse_proxy_addresses'] = array('1.2.3.4');
- Log in to post comments