pFSense Squid Proxy Setup + Proxy Pac

 

 

 

 

 

 

由Nokia IntelliSync年代試玩 OpenLDAP LC CentOS 5 試驗機,到變成Squid Proxy 已經用超過十年。基於CentOS 5 已經EOL一段時間。係時候準備新嘅Proxy作為replacment

因為目前需要試iOS Device 經Proxy, 只需要用Proxy Server黎試iOS嘅Global HTTP Proxy。所以唔需要大費周章去再起新Linux。pFSense呢啲Soft Router正正做到自己需要嘅Test

pFSense setup相信唔需要講啲咩,因為真係好簡單。Mount起ISO,Boot機,噤制,等完成安裝。
唯一提係安裝係VirtualMachine,估唔到 係到呢家仍然要選IDE HD。好在係pFSense可以config行RAM Disk。

下面嘅URL有好好嘅Setup Procedure作參考。
唯一唔同係自己唔係要Setup Transparent Proxy。

目標Proxy Set up而係Standard HTTP Proxy 加 Proxy Pac file

以下PAC 係好好嘅Sample

Sample PAC pattern

  • function FindProxyForURL(url, host) {// If the hostname matches, send direct.
    if (dnsDomainIs(host, “intranet.domain.com”) ||
    shExpMatch(host, “(*.abcdomain.com|abcdomain.com)”))
    return “DIRECT”;

    // If the protocol or URL matches, send direct.
    if (url.substring(0, 4)==”ftp:” ||
    shExpMatch(url, “http://abcdomain.com/folder/*”))
    return “DIRECT”;

    // If the requested website is hosted within the internal network, send direct.
    if (isPlainHostName(host) ||
    shExpMatch(host, “*.local”) ||
    isInNet(dnsResolve(host), “10.0.0.0”, “255.0.0.0”) ||
    isInNet(dnsResolve(host), “172.16.0.0”, “255.240.0.0”) ||
    isInNet(dnsResolve(host), “192.168.0.0”, “255.255.0.0”) ||
    isInNet(dnsResolve(host), “127.0.0.0”, “255.255.255.0”))
    return “DIRECT”;

    // If the IP address of the local machine is within a defined
    // subnet, send to a specific proxy.
    if (isInNet(myIpAddress(), “10.10.5.0”, “255.255.255.0”))
    return “PROXY 1.2.3.4:8080”;

    // DEFAULT RULE: All other traffic, use below proxies, in fail-over order.
    return “PROXY 4.5.6.7:8080; PROXY 7.8.9.10:8080”;

    }

而 Proxy PAC 係今次嘅主菜,相對pFSense / Squid 嘅 Setup,花係PAC試嘅時間係更多

今次目的係iOS Device 行Proxy,經MDM Push Global HTTP Proxy Profile。所以PAC 係Set到Mobile Network會用Proxy,反而係Internal Network唔經Proxy

跟住嘅Post會講經MDM Push左Global HTTP Proxy profile發現嘅 古怪問題

To be Continue…

 

Reference URL

https://www.howtoforge.com/pfsense-squid-squidguard-traffic-shaping-tutorial

https://www.netgate.com/docs/pfsense/cache-proxy/setup-squid-as-a-transparent-proxy.html

https://tektab.com/2012/09/26/setting-up-automatic-proxy-configuration-pac-file/

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.