mirror of
https://github.com/opnsense/docs
synced 2024-11-17 03:25:33 +00:00
110 lines
3.1 KiB
ReStructuredText
110 lines
3.1 KiB
ReStructuredText
|
=============
|
|||
|
Caching Proxy
|
|||
|
=============
|
|||
|
|
|||
|
.. image:: images/forward_proxy.png
|
|||
|
|
|||
|
OPNsense is equipped with a fully featured forward caching (transparent) proxy.
|
|||
|
A caching proxy reduces bandwidth and improves response times by caching and
|
|||
|
reusing frequently-requested web pages. The Access Control Lists can be utilized
|
|||
|
for user authentication and or as (category based) web filter.
|
|||
|
|
|||
|
Features include:
|
|||
|
|
|||
|
* Multi Interface Support
|
|||
|
* Transparent Mode (including SSL/HTTPS)
|
|||
|
* ICAP Support for Anti Virus/Malware Engine
|
|||
|
* HTTP Proxy
|
|||
|
* FTP Proxy
|
|||
|
* User Authentication
|
|||
|
* Access Control Lists (valid for both http(s) and ftp)
|
|||
|
* (Compressed) Blacklist
|
|||
|
* Category Based Web Filtering
|
|||
|
* Can be combined with traffic shaper
|
|||
|
|
|||
|
--------------
|
|||
|
Authenticators
|
|||
|
--------------
|
|||
|
User authentication can be done using OPNsense standard and build-in authenticators.
|
|||
|
Currently these include:
|
|||
|
|
|||
|
* LDAP (incl. Microsoft Active Directory)
|
|||
|
* Radius
|
|||
|
* Local user manager
|
|||
|
* No authentication
|
|||
|
|
|||
|
--------------
|
|||
|
Access Control
|
|||
|
--------------
|
|||
|
OPNsense supports fine grained access control, base upon:
|
|||
|
|
|||
|
* Subnets
|
|||
|
* Ports
|
|||
|
* MIME types
|
|||
|
* Banned IP’s
|
|||
|
* Whitelists
|
|||
|
* Blacklists
|
|||
|
* Browser/User Agents
|
|||
|
|
|||
|
------------------
|
|||
|
Traffic Management
|
|||
|
------------------
|
|||
|
The proxy can be combined with the traffic shaper and take full advantage of its
|
|||
|
shaping features.Additionally it includes its own options:
|
|||
|
|
|||
|
* Maximum download size
|
|||
|
* Maximum upload size
|
|||
|
* Overall bandwidth throttling
|
|||
|
* Per host bandwidth throttling
|
|||
|
|
|||
|
|
|||
|
-------------------------
|
|||
|
Category Based Web Filter
|
|||
|
-------------------------
|
|||
|
No need for additional plugins, such as squidGuard - as OPNsense has build-in
|
|||
|
category based web filter support. Main features include:
|
|||
|
|
|||
|
* Fetch from a remote URL
|
|||
|
* Supports flat file list and category based compressed lists
|
|||
|
* Automatically convert category based blacklists to squid ACL's
|
|||
|
* Keep up to date with the build-in scheduler
|
|||
|
* Compatible with most popular blacklist
|
|||
|
|
|||
|
----------------
|
|||
|
Transparent Mode
|
|||
|
----------------
|
|||
|
The transparent mode means all request will be diverted to the proxy without any
|
|||
|
configuration on your client. Transparent mode works very well with unsecured http
|
|||
|
requests, however with secured (SSL) https connection the proxy will become a
|
|||
|
man-in-the-middle as the client will "talk" to the proxy and the proxy will encrypt
|
|||
|
the traffic with its master key that the client is required to trust.
|
|||
|
|
|||
|
While we do not encourage the use of https in transparent mode, this feature is
|
|||
|
scheduled for release in version 16.7.
|
|||
|
|
|||
|
.. Warning::
|
|||
|
Using a transparent HTTPS proxy can be a dangerous practice and may not be
|
|||
|
allowed by the services you use, for instance e-banking.
|
|||
|
|
|||
|
|
|||
|
------------------------
|
|||
|
Configuration / HOW-TO's
|
|||
|
------------------------
|
|||
|
More information on how to utilize OPNsense's proxy service can be found in:
|
|||
|
|
|||
|
Proxy Basic Setup
|
|||
|
-----------------
|
|||
|
:doc:`how-tos/cachingproxy`
|
|||
|
|
|||
|
Setup Web Filtering
|
|||
|
-------------------
|
|||
|
:doc:`how-tos/proxywebfilter`
|
|||
|
|
|||
|
Setup Transparent Mode (including SSL)
|
|||
|
--------------------------------------
|
|||
|
:doc:`how-tos/proxytransparent`
|
|||
|
|
|||
|
Setup ICAP Anti Virus/Malware Engine
|
|||
|
------------------------------------
|
|||
|
:doc:`how-tos/proxyicapantivirus`
|