Wazzaʼs QuickStart:
Mac OS X 10.2
Setting Up a Web Proxy & Content Filter This document discusses the setup of a caching proxy server and a web content filter in a Mac OS X school environment. However most of the discussion is of a generic nature, and can easily be adapted for use in other environments. Similarly, this document was written in the days of Mac OS X 10.2, but the procedures should endure for more recent OS updates, until a new document is written. Background Perceived internet access speed can be considerably improved on a school network through the use of a caching proxy server. This is especially the case where the proxy is used in conjunction with a school intranet, which encourages multiple students to visit the same web sites. The proxy cache stores each site when the first student has visited the site, and provides subsequent requests for the same site from its cache, rather than competing with traffic on the school’s WAN link. A web content filter, used in conjunction with a proxy server, will also prevent students visiting inappropriate sites.
Platform Ideally we should setup a proxy cache on a Linux computer. An older PC, which may not be useful for anything else will make a very respectable proxy server, using Linux software. However, the dive into the Linux world can be a little daunting for those of us who have grown up in a point-and-click GUI world. This document details the setup of a caching proxy server and web content filter on a Macintosh OS X 10.2 computer. The only downside of this arrangement is that you need to use a Mac capable of running Mac OS X, which will be taken off your desktop for use as a dedicated proxy server. Plenty of RAM is also a good idea.
Software We will setup our content filter using DansGuardian. We will seup our caching proxy server using SquidMan. We will use WebMin to administer DansGuardian (start/stop/edit files). You will need a Mac with at least Mac OS X 10.2 installed. While you can probably install and run all this software on any Mac with an existing installation of OSX, it is strongly recommended that you use the Apple Disk Utility to erase the computer’s HD, then reinstall a clean “base” version of OSX. While installing OSX, choose Customize - no need to install any additional Languages or Applications like iPhoto, etc. Make sure that you DO install the BSD subsystem though! After installing OX 10.x, set the IP address to a fixed address - in NSW DET schools this is 10.x.x.20. Set up your network settings (proxy, etc) and ensure that the computer connects to the internet. There are some other System Preferences which also need adjusting, such as the Energy Saver. These settings are detailed in Section 6 of this document. You will need to download the following software: • SquidMan http://homepage.mac.com/adg/squidman.html • DansGuardian http://download.smoothwall.org/mirrors/dansguardian/Alpha/MACOSX/ • WebMin http://www.versiontracker.com/dyn/moreinfo/macosx/15800 • WebMin DansGuardian module http://sourceforge.net/projects/dgwebminmodule/
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 2/25
An Overview of how it goes together DansGuardian depends on access to Squid. There is an installer available that will install DansGuardian and Squid from one easy installer. If you have no need to adjust any of the defaults, this is the installer for you (get it from VersionTracker). However, most schools will need to make some adjustments to configure Squid to work behind a firewall, and to DansGuardian to adjust the severity of the filtering. SquidMan provides a great GUI for the proxy preferences, in particular a dialogue box to configure a “parent” proxy. WebMin provides a web browser interface to start/stop/configure DansGuardian. If you are using DansGuardian in conjunction with SquidMan, you will also need to change the port on which Squid “listens” for requests from 8080 to 3128, as this is the port that DansGuardian uses to communicate requests to Squid.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 3/25
This document is divided into the following sections: 1. Installing SquidMan 2. Installing DansGuardian 3. Installing WebMin 4. Configuring WebMin 5. Configuring DansGuardian 6. Configuring OSX System Preferences 7. Configuring network computers to access the proxy.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 4/25
1.
Installing SquidMan Proxy Server 1.1. Download SquidMan 1.2. Drag SquidMan to your Applications folder
1.3. Launch SquidMan
1.4. You will be advised that the Squid subsystem needs to be installed.
Click on OK to continue.
1.5. Enter your username and password
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 5/25
1.6. You will now see the SquidMan prefs.
Enter the following information under the General tab: Port number: 3128 Hostname: Proxy Cache: 100M
1.7. Click on the Parent tab
Tick to Use parent proxy server (if required - if you don’t normally use a proxy server leave this blank.) Enter the hostname of your upstream proxy. Click on the Save button.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 6/25
1.8. You can also enter an exceptions list, for local sites, and systemic school servers, etc under the Direct tab.
Click on the Save button.
1.9. If you want to use Squidman directly, without the DansGuardian content filtering discussed later in this document, you will also need to click on the Clients tab.
Enter the IP address information relevant to your school network. This will allow clients to connect directly to the proxy server, if required. (This is not necessary if you are accessing the proxy via the DansGuardian content filter). 1.10. You will now see the SquidMan controller window. Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 7/25
Click on Start Squid
1.11. You should now be able to access the Internet via the SquidMan Proxy, from computers on the school network. The computers must have their proxy set to the IP address of the SquidMan proxy (in DET schools this should be 10.x.x.20) on port 3128. The IP address of the client computers (or their subnet range) must be included in the list in the Clients tab in the Squidman preferences. This is not necessary if you are using the DansGuardian content filter, but may be useful to setup anyway, in case you find the need to bypass the local filter occasionally, to download installers, etc. Section 6 of this document provides some more info about client setup.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 8/25
2.
Installing DansGuardian Content Filter 2.1. Download the DansGuardian OSX installer.
2.2. Run the Installer
2.3. Follow the prompts
Click the Restart button on the screen when prompted. Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 9/25
3.
Installing WebMin Web Interface We are installing WebMin to provide a Web interface to DansgGuardian. This does feel a little bit like overkill, as WebMin can be used to control a huge range of other Linux utilities as well. Installing WebMin involves a little bit of work in the Terminal. A bit scary to start with, but pretty easy if you follow the directions below. 3.1. Download the WebMin package. This will download as a tar.gz file, which Stuffit Expander will decompress as a folder.
Copy the WebMin folder to the Applications folder.
3.2. Download the DansGuardian WebMin module.
Copy the DansGuardian Webmin module file to the Applications folder
3.3. Open Terminal
Terminal is located in the Utilities folder, in the Applications folder.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 10/25
3.4. You will see the Terminal “prompt”:
3.5. Open your Applications folder on the Mac HD, and arrange the open Applications folder, and the Terminal window, so you can see both at once. Type cd (change directory) in the Terminal window, leave a space, then drag the WebMin folder from the Applications folder to the command line in the Terminal window.
This drag’n’drop shortcut will save you from typing the full path, and will insert the correct path to the WebMin folder! Press Return on the keyboard.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 11/25
3.6. You are now located in the WebMin folder.
3.7. Type sudo ./setup.sh
Press Return on the keyboard. 3.8. Enter your admin password
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 12/25
3.9. The setup will now ask you to accept a few default settings.
Press the Return key.
3.10. Continue pressing the Return key at each prompt until you see the Web Server port (default 10000).
Accept the default port 10000 by pressing the Return key
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 13/25
3.11. Provide an Admin username and password for the WebMin login. (It is a good idea to make this the same as the admin login for the computer).
You will be advised that SSLeay Library is not installed. This is OK! 3.12. Type y to start Webmin at boot time
3.13. There will be some delays then a variety of information appearing in the terminal window as WebMin is installed.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 14/25
3.14. The installation process is complete when you see the following screen:
3.15. Quit Terminal. 3.16. All done! Whew! Not so scary after all!
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 15/25
4.
Configuring WebMin WebMin is configured through a web browser interface. As you would have seen in the Terminal installation process, this interface is accessed on port 10000 at the IP address of the computer on which WebMin is Installed. WebMin can (and should!) be accessed from any computer on the network, rather than from the proxy server itself. In a school environment, you may need to disable the browser’s proxy settings on the computer from which you are accessing the WebMin computer.
4.1. Start Internet Explorer or Safari.
4.2. Go to http://10.x.x.20:10000 (where 10.x.x.20 is the address of the proxy server). If this computer is going to be used as an “Admin” computer, you can set the default home page to http://10.x.x.20:10000, or bookmark the page).
4.3. Logon to Webmin using the username and password you setup previously.
Click on the login button.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 16/25
4.4. You will see the WebMin window.
4.5. Click on the WebMin Configuration icon.
4.6. Click on the WebMin Modules icon
4.7. We are going to add the DansGuardian module to WebMin’s interface.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 17/25
4.8. Click on the icon adjacent to the From local file field (above), and you will see the following window.
4.9. Click on the Applications folder icon, and you will see the following window. Scroll until you can see the dg-0.5.9-2.wbm file which you copied to the Applications folder previously.
4.10. Click on the icon next to the dg-0.5.9-2.wbm file, then click on OK. 4.11. The path will now be displayed in the Install box.
Click on the Install Module button. Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 18/25
4.12. You will (hopefully!) be advised that the installation was successful. 4.13. Click on the Servers icon at the top of the WebMin window
4.14. Among other icons, you should now see the DansgGuardian module.
4.15. We need to configure DansGuardian to work correctly within the Mac OS X version of WebMin. This is all done from within WebMin. 4.16. Click on the DansGuardian module icon.
4.17. Click on Module Config:
4.18. You will see the Configurable options for DansGuardian:
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 19/25
4.19. Change the options from this:
to this:
4.20. Click on Save. 4.21. You will now be returned to the main window. 4.22. Click on Start DG:
4.23. Quit Webmin
Note: You will need to start WebMin and click on the Start DG button whenever the server restarts.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 20/25
5.
Configuring DansGuardian The DansGuardian Web site (http://dansguardian.org) provides extensive documentation. This page is a “nutshell” of the basics.... 5.1. Logon to WebMin and click on the DansGuardian module icon.
5.2. Click on View/Edit File:
5.3. Let’s say you would like to download mp3 files, but DG is blocking access to mp3 files because “mp3” is a “banned extension”. Click on Edit, next to the Banned File Extension list in the table shown above. 5.4. This is a list of all the file extensions blocked by DG. Scroll down the list until you see Time/bandwidth wasting files.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 21/25
5.5. Insert a hash (#) in front of the .mp3 entry. Anything with a # in front of it is ignored by DG
5.6. MP3 files will now be permitted through DG. 5.7. A similar process applies to permitting other files, phrases, etc.
5.8. You can also change the page that is displayed to notify that DG has blocked a site. This is just an HTML page located in: /usr/local/etc/dansguardian/template.html
5.9. In the Finder, in the Go menu, choose to Go to Folder, then enter /usr, and click on Go. 5.10. Navigate to local > etc > dansguardian, and locate template.html. 5.11. You can open and edit this file in a Web Editor, to make it a little more tailored for your school:
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 22/25
6.
Configuring System Preferences Since this computer is now going to be used as a server, we will need to make some changes to the computer’s System Preferences. 6.1. Go to System Preferences and make the following adjustments: Login Items Add SquidMan to the list of Login Items that will launch at login. (You will have to have Auto login enabled in Accounts). Energy Saver. Choose to Never put computer or the hard disk to sleep Click on the Options tab, and tick the box to Restart Automatically . Date and Time Click on the Network Time tab, and enter a time server, if available. (The NSW DET time server is 153.107.37.22). Network Prefs Should already be set to correct IP address and parent proxy.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 23/25
7.
Configuring Computers to use the Proxy/Filter We need to make some adjustments to the network preferences on each client so that all it’s web requests go through the filter/proxy. 7.1. Go to Network Preferences on each client. 7.1.1. To use the Squid proxy and the DansGuardian filter:
7.1.2. To use just the SquidMan proxy:
You may decide to have only some of your computers using the filter, and other accessing the proxy directly. If you are accessing the SquidMan proxy directly, and not via the DansGuardian content filter (eg staffrooms/students) be sure to set the SquidMan preferences to accept connections from the IP address(s) of the clients (under the Clients tab).
7.1.3. In schools that access a central, systemic proxy server, the FTP proxy, Secure proxy etc, should be left to use the central proxy.
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 24/25
7.1.4. Netscape users will need to set their proxy preferences individually:
While Safari and Internet Explorer refer to the System preferences for their proxy setting, Netscape (and Mozilla) store these preferences in each user’s preferences folder.
7.1.5. Windows computers can be setup in a similar way. Internet Explorer > Tools > Internet Options > Connection > LAN
Wazzaʼs QuickStart: Setting up a Caching Proxy & Content Filter (Mac OS X 10.2)
Page 25/25
