For the IT administration of organizations with many users, typically also schools, it can be very useful to regulate the access to external websites. From a technical point of view, in order to improve performance when accessing frequently visited pages, but also in terms of restricting access to certain pages, e.g. for security reasons or to protect minors.
The web proxy, which is a central component of UCS@School, is used to improve performance and control data traffic. In this blog article I’ll show you how to configure Squid Proxy with SquidGuard and how to combine both with existing (youth protection) website filters. And with the “Shalla-List-Downloader” I would like to present you a Cool Solution, with which you can further round off this protection and which we have already successfully implemented in various school projects.
What is Squid?
Squid is a so-called “caching proxy”, primarily for web content delivered via the HTTP, HTTPS, or FTP protocols. This means that Squid can greatly reduce response times when retrieving web pages and at the same time reduce data volume by caching web pages and their contents and making them available to a large number of clients at the same time.
Squid can basically be used in two operating modes. This blog article is about Squid as a web proxy. In a previous blog article, we already described how Squid is configured as a reverse SSL proxy.
Squid as a Web-Proxy on School Servers
In the UCS default setting, each school server runs a proxy server based on Squid in conjunction with SquidGuard. This means that the clients in the school, i.e. all computers of the students and teachers, access the Internet via Squid. Squid thus becomes the central location from which the requested web content is retrieved, stored and delivered as a buffered version to all other clients who also want to access this web content. If the same website is accessed several times, it does not have to be queried again by the remote web server.
The clients automatically receive information about the proxy server to be used via DHCP [link or interferer to DHCP article], i.e. the school server on which Squid is installed. This is done using the WPAD option in DHCP, so that a proxy autoconfiguration file (PAC file) is delivered automatically. Unfortunately, this does not work equally well for all browsers out-of-the-box. For the implementation there are different approaches, such as using a central group policy via Samba. The UCS@School manual describes in detail how to manually configure a PAC file for Internet Explorer and Firefox.