# Squid Proxy guide?

## StarF

Hi

does there exist any guides on how to set up a squid proxy with antivirus scan, and so on?

tryed to check the wiki, but nothing there?

----------

## h0mer`-

I think there is no support for squid running with a virus scan, but you can use dansguardian in addition to squid which is able to scan for viruses.

Configuring squid is not necessary then, if you aint gonna run some special setup. All configuration is done in dansguardian.

Look into the following files.

/etc/dansguardian/dansguardian.conf

/etc/dansguardian/dansguardianf1.conf

Its pretty much self explanatory.

----------

## StarF

tnx for the tip..

what about just a guide to squid then? hate poking aroind in something new with out something to keep me on track.

----------

## h0mer`-

For squid you only need to edit the /etc/squid/squid.conf file.

Edit the file around line 600+ and add those 2 lines according to your local network setup (order is important)

```

acl localnet src 192.168.0.0/24

http_access allow localnet

http_access deny all

```

You can also create a seperate acl for each client rather than allowing access from your whole local network.

```

acl hoshi src 192.168.0.5/32

http_access allow hoshi

```

By default squid runs at port 3128 so you need to put the squidserver ip into your workstations browser settings. In gentoo console mode you can export the proxy by the following:

```
export http_proxy="http://ipofyoursquidserver:3128"
```

----------

## StarF

i was gonna run it as a transparent proxy. curently trying to set it up via webmin, is it possible to config squid in every way in there?

like if i need to set it up as a transparent proxy and so on?

----------

## h0mer`-

Transparent proxy mode has its flaws, because https and ftp traffic doesn't work any more and you cannot use user authentication any more.

```
httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_with_proxy on

httpd_accel_uses_host_header on
```

And you need to redirect port 80 to 3128 on your server via iptables or something like that.

----------

## StarF

 *h0mer`- wrote:*   

> Transparent proxy mode has its flaws, because https and ftp traffic doesn't work any more and you cannot use user authentication any more.
> 
> ```
> httpd_accel_host virtual
> 
> ...

 

tnx for the help. I thought if you allowed it ftp and https trafic would work as always?

the isue is i need a way to control a network, so i can remove bit torrent trafic from my network, and also have some sort of proxy. i need it to be a transparent, so the users cannot get around it.

----------

## h0mer`-

Well if u have control over the gateway from your LAN to WAN then there are many possibilities to achieve your goal, but i really cant decide what would be best with so little information.

----------

## nativemad

You could use a transparent bridge with iptables/ebtables in front of your gateway to achieve that, if you can't manipulate the gateway itself!

----------

