ffproxy.quick man page on DragonFly


ffproxy.quick(7)     BSD Miscellaneous Information Manual     ffproxy.quick(7)

NAME
     ffproxy.quick — filtering HTTP/HTTPS proxy server quick introduction

DESCRIPTION
     ffproxy is a filtering HTTP/HTTPS proxy server.  It is able to filter by
     host, URL, and header.  Custom header entries can be filtered and added.
     It can even drop its privileges and optionally chroot(2) to some
     directory.  Logging to syslog(3) is supported, as is using another
     auxiliary proxy server.  An HTTP accelerator feature (acting as a
     front-end to an HTTP server) is included.  Contacting IPv6 servers as
     well as binding to IPv6 is supported and allows transparent IPv6 over
     IPv4 browsing (and vice versa).

     This manual describes how to set up a basic HTTP proxy installation.  It
     is assumed that you already have compiled the program or installed it via
     port or package.

COPYING FILES
     The program comes with default configuration files that contain both
     examples and suggested entries.  You can simply copy them to a directory
     of your choice.  This directory will become the program's working
     directory.

	   mkdir /var/ffproxy
	   tar cf - db/ html/ | ( cd /var/ffproxy ; tar xf - )
	   cp sample.config /var/ffproxy/ffproxy.conf

     The above example installs all needed files to /var/ffproxy, which is
     ffproxy's default working directory.

SECURING
     The proxy now has its own working directory.  By default, ffproxy does
     not change UID/GID after start.  For security reasons we want to enable
     it.  You have two choices now: either use an existing UID/GID or add a
     custom UID/GID for ffproxy.  See adduser(8) or useradd(8), depending on
     your system, on how to create new IDs.

     Edit ffproxy.conf and change the lines containing uid and gid:

	   # change UID and GID
	   #
	   # to use, both uid and gid must be set
	   # (disabled by default)
	   #uid proxy
	   #gid proxy
	   uid _ffproxy
	   gid _ffproxy

     In addition to changing UID and GID, ffproxy should be executed
     change-rooted to its working directory.  So we change chroot_dir and
     db_files_path in the configuration file:

	   # change root to (only in connection with uid and gid change)
	   # (disabled by default)
	   chroot_dir /var/ffproxy

	   # path to db/ and html/ directories
	   # (default: /var/ffproxy)
	   db_files_path .

     db_files_path must be changed, too, since it is relative to the new
     root.  Finally, we copy /etc/resolv.conf to ffproxy's home to enable DNS
     in the chroot and chown /var/ffproxy so the proxy's master process can
     write its PID file:

	   mkdir /var/ffproxy/etc
	   cp /etc/resolv.conf /var/ffproxy/etc/
	   chmod 750 /var/ffproxy
	   chown _ffproxy:_ffproxy /var/ffproxy
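
     The settings above can be checked before the proxy is started.  The
     following script is an added example, not part of ffproxy: the function
     names are hypothetical and it assumes the one "key value" per line
     layout shown in the snippets above.

```shell
#!/bin/sh
# Added example: audit an ffproxy.conf for the hardening steps in SECURING.
# Prints one line per finding; the return status is the number of findings.

# First value of an active (uncommented) "key value" line.
conf_get() {
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

audit_ffproxy_conf() {
    conf=$1
    problems=0
    uid=$(conf_get uid "$conf")
    gid=$(conf_get gid "$conf")
    root=$(conf_get chroot_dir "$conf")
    db=$(conf_get db_files_path "$conf")

    # Both uid and gid must be set for the privilege drop to happen.
    if [ -z "$uid" ] || [ -z "$gid" ]; then
        echo "uid/gid: not both set, privileges are kept"
        problems=$((problems + 1))
    elif [ "$uid" = root ] || [ "$uid" = 0 ]; then
        echo "uid: set to root, no privileges are dropped"
        problems=$((problems + 1))
    fi

    if [ -z "$root" ]; then
        echo "chroot_dir: not set, proxy is not change-rooted"
        problems=$((problems + 1))
    else
        # Inside the chroot, db_files_path is resolved against the new root,
        # so the old absolute path (or the unset default) no longer fits.
        case $db in
            "$root"|"$root"/*|"")
                echo "db_files_path: '$db' is not relative to the new root"
                problems=$((problems + 1)) ;;
        esac
        # DNS inside the chroot needs its own copy of resolv.conf.
        if [ ! -r "$root/etc/resolv.conf" ]; then
            echo "resolv.conf: missing under $root/etc"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}

# Usage: audit_ffproxy_conf /var/ffproxy/ffproxy.conf
```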

ACCESS TO THE PROXY
     By default, nobody is allowed to connect to ffproxy.  Let's say we want
     to provide LAN users a filtering proxy to shut down malicious content
     coming from the Internet.  So the proxy has to be listening on the local
     network interface only.  We change bind_ipv4 and bind_ipv6 appropriately
     in ffproxy.conf:

	   bind_ipv4 martyr.burden.eu.org
	   bind_ipv6 martyr.burden.eu.org

     Additionally, we have to change db/access.ip.  With, for example,

	   ^192\.168\.10\.

     we allow 192.168.10.0/24 to use our proxy.
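
     The leading ^ and the escaped dots in that entry are what keep the
     match to 192.168.10.0/24.  The following script is an added example,
     not part of ffproxy: the function names are hypothetical, and it
     assumes each line of db/access.ip is a POSIX extended regular
     expression matched against the client's address, with blank lines and
     # lines skipped.

```shell
#!/bin/sh
# Added example: test which client addresses an access.ip file admits and
# flag patterns that are looser than a plain network prefix.

# access_allows IP FILE: succeed if any pattern line in FILE matches IP.
access_allows() {
    while IFS= read -r pat; do
        case $pat in ''|'#'*) continue ;; esac
        printf '%s\n' "$1" | grep -Eq -- "$pat" && return 0
    done < "$2"
    return 1
}

# lint_access_ip FILE: print one line per weakness found in a pattern.
lint_access_ip() {
    while IFS= read -r pat; do
        case $pat in ''|'#'*) continue ;; esac
        # Without a leading ^ the pattern can match in the middle of an
        # address, e.g. 192.168.10 also matches 10.192.168.10.
        case $pat in '^'*) ;; *) echo "unanchored: $pat" ;; esac
        # A dot not preceded by a backslash matches any character.
        if printf '%s\n' "$pat" | grep -Eq '(^|[^\\])\.'; then
            echo "unescaped dot: $pat"
        fi
    done < "$1"
}

# Usage (constructed file names):
#   access_allows 192.168.10.5 /var/ffproxy/db/access.ip && echo allowed
#   lint_access_ip /var/ffproxy/db/access.ip
```

     Dropping the trailing \. has a similar effect: ^192\.168\.10 would also
     admit 192.168.100.7.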

STARTING THE PROXY
     The last step is starting ffproxy.  Keep in mind that we run the program
     change-rooted to /var/ffproxy, so files are relative to the new root.

	   cd /var/ffproxy ; /usr/local/bin/ffproxy -f ffproxy.conf

     starts ffproxy.  Now test if it works correctly.  If not, change
     ffproxy.conf and/or read ffproxy(8) and ffproxy.conf(5).

     ffproxy is not running as a daemon right now.  If everything seems to
     work, simply shut down the proxy by pressing CTRL-C, set `daemonize yes'
     in the configuration file and start ffproxy again.

TRANSPARENT OPERATION
     The proxy allows transparent operation, that is, HTTP traffic is
     redirected to the proxy, which simulates an HTTP server so that the users
     don't have to specify a proxy server.  Consider forced usage of a proxy
     server as well.  To do that, you will have to configure your NAT
     accordingly.  On OpenBSD you'll want a line like

	   rdr on rl0 proto tcp from any to any port 80 -> 127.0.0.1 port 8080

     in /etc/pf.conf.  See your NAT's documentation for details on how to do
     this.

VERSION
     This manual documents ffproxy 1.6 (2005-01-05).

SEE ALSO
     ffproxy(8), ffproxy.conf(5), pf.conf(5)

				  Jan 5, 2005