Squid Proxy Still Relevant In 2023?

We have used Squid proxy here and there over the years and yes, it is still very much relevant and usable today in 2023. But of course, as with most things in the IT world, it’s really going to depend on the use case. One of the turnoffs with Squid proxy, I think, is that the project doesn’t seem to be actively supported anymore. The website is mostly abandoned (last blog post back in 2021) and the site is still running http..? Not sure what’s up with that but regardless, Squid proxy still works well. And while Squid is widely regarded as a caching proxy for the Web, our primary use for it has been for its web content filter capabilities (blocking websites). So in this blog, we will be talking from the perspective of using Squid as a web content filter.

Pair Squid Proxy up with SquidGuard and you’ve got yourself a pretty decent web content filter with some fine-tuned control. You can block by keyword, use blacklists and also do URL/subdirectory filtering. An example of URL filtering would be: I want to leave reasonableitservice.com accessible but want to block a subdirectory or specific page of the site, such as reasonableitservice.com/blog. This can be accomplished with Squid Proxy and SquidGuard via ‘URL list’ filtering.

Another awesome thing about Squid proxy is that it integrates very nicely with pfSense. You simply install Squid proxy and SquidGuard from the pfSense package manager. Once installed, you can access Squid from the Services menu.

Challenges With Squid Proxy And Why It May Not Be A Good Fit For Everyone

You will want to run Squid in one of two modes: ‘Non-Transparent Mode with SSL Certificates’ (more complex to set up) or ‘Transparent Mode without SSL Certificates’ (easy to set up).

To get the most out of Squid Proxy as a web content filter, pair it with SquidGuard and run it in Non-Transparent Mode with SSL Certificates.

If you want to use this mode, you should disable transparent mode, enable SSL filtering and set the SSL/MITM mode to ‘splice whitelist, bump otherwise’ (whitelisted sites are passed through without decryption; everything else is decrypted and inspected). These settings can be found under Services > Squid Proxy Server > General. You will also need to create a CA on pfSense, export it, install it on every endpoint that will use the proxy, and configure the proxy settings on each of those endpoints.

Advantages Of ‘Non-Transparent Mode with SSL Certificates’:

  • SSL Inspection: Installing SSL certificates on endpoints allows the proxy server to decrypt and inspect HTTPS traffic. This enables better content filtering, threat detection, and monitoring for security purposes.
  • Selective Proxying: With manual proxy configurations, you can choose which devices or applications use the proxy. This gives you more control over what traffic is monitored or filtered.
  • Bypass Options: Users can easily bypass the proxy for specific sites or services if needed.

Disadvantages Of ‘Non-Transparent Mode with SSL Certificates’:

  • Complex Setup: Manual proxy configuration on each endpoint can be more complex and time-consuming to set up, especially in larger environments.
  • End-User Involvement: Users need to configure their devices to use the proxy, which might lead to support and compatibility challenges.
  • Maintenance: Managing SSL certificates and proxy configurations across multiple devices could lead to ongoing maintenance and potential issues.
  • Lastly, and probably the biggest drawback: it’s not feasible (if even possible) to install the required cert on IoT devices (phones, tablets, iPads, mobile devices, etc.).

Of course, you can always use Squid in Transparent Mode without SSL Certificates, in which case you do not have to worry about dealing with certificates or proxy configurations on endpoints. As with anything, this type of config comes with its advantages and disadvantages. I will put it out there straight away: if you are using this mode, you will not be able to filter HTTPS traffic with the same level of control. For example, you will not be able to use URL filtering for HTTPS traffic. Here is a more detailed breakdown of the pros and cons associated with this Squid mode:

Advantages Of ‘Transparent Mode without SSL Certificates’:

  • Ease of Setup: Transparent mode requires minimal client-side configuration. Users don’t need to manually configure their devices to use a proxy.
  • Simplicity: Setting up transparent proxying is often simpler, as it doesn’t require end users to be involved in the configuration process.
  • Effective Blocking: Transparent proxying can intercept and block traffic, both HTTP and HTTPS, without the need for SSL certificates on endpoints.

Disadvantages Of ‘Transparent Mode without SSL Certificates’:

  • Limited Control: Transparent proxying might lack fine-grained control over which traffic is proxied or not. All traffic that passes through the network is intercepted, which could lead to unintended consequences.
  • SSL Inspection Challenges: Without SSL certificates on endpoints, SSL inspection becomes difficult. Transparent proxying can’t decrypt HTTPS traffic for content filtering or threat detection, which might be important for security reasons.
  • Compatibility: Some applications or devices might not work seamlessly with a transparent proxy due to the way they handle proxy settings.
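
To make the URL-filtering difference between the two modes concrete, here is an added example (not code from Squid, SquidGuard or pfSense) that models a URL-list filter and what it is handed with and without TLS decryption. The matching rules are a simplified model, and the function names, the `blocked.example` domain and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed lists in the style of a URL list (host/path, no scheme)
# and a domain list. Only the /blog entry comes from the article.
URLLIST = ["reasonableitservice.com/blog"]   # block one subdirectory only
DOMAINLIST = ["blocked.example"]             # block a whole domain (placeholder)


def normalise(url):
    """Reduce a URL or list entry to (host, path): no scheme, no port,
    no leading 'www.', lower-case host, no trailing slash."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]
    return host, parts.path.rstrip("/")


def is_blocked(host, path):
    """Model assumption: a domain entry also covers subdomains, and a URL
    entry matches on whole path segments (/blog matches /blog/post but
    not /blogger)."""
    if any(host == d or host.endswith("." + d) for d in DOMAINLIST):
        return True
    for entry in URLLIST:
        e_host, e_path = normalise(entry)
        if host == e_host and (path == e_path or path.startswith(e_path + "/")):
            return True
    return False


def proxy_view(url, tls_decrypted):
    """What the filter gets to see. Plain HTTP and decrypted (bumped) HTTPS
    expose the full URL. HTTPS that is not decrypted exposes only the host
    name (CONNECT target or TLS SNI), so the path is empty."""
    host, path = normalise(url)
    if url.startswith("https://") and not tls_decrypted:
        return host, ""
    return host, path


def decide(url, tls_decrypted):
    """Return 'block' or 'allow' for a request under the given mode."""
    return "block" if is_blocked(*proxy_view(url, tls_decrypted)) else "allow"


if __name__ == "__main__":
    url = "https://www.reasonableitservice.com/blog/some-post"
    print("decrypted:", decide(url, True), "| not decrypted:", decide(url, False))
```

Without decryption the `/blog` rule never fires for HTTPS, so the only lever left in that mode is blocking the whole host name.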

But What About Squid Proxy And TLS 1.3 Support?
We recently tested, and Squid had no issue intercepting and filtering websites running TLS 1.3.

Conclusion

Reference the video below to see how we typically utilize Squid Proxy + SquidGuard in pfSense. Overall, and despite some of its limitations, we are still fans of Squid Proxy and believe it can still prove valuable in certain use cases.

 


Launching Our Ebay Store

We come across a lot of good tech deals and old, obsolete yet still very usable electronic equipment, and figured it’s time to start an eBay store and hopefully turn a profit. Plus we love flipping old computers too. Furthermore, our items won’t be limited to just tech/electronic stuff but will also include whatever we think is cool, in good condition and saleable.

That being said, we have decided to call our eBay store ‘Goodies & Tech’. Right now we have a couple of freshly refurbished Dell Optiplex PCs converted for gaming for sale to start. We’ll be adding more items soon.

Cheers

 

Quickly Understand The Difference Between Active And Passive Checks In Zabbix

The active and passive check concept can be a little confusing to understand, especially if you’re new to Zabbix. Here is how to quickly make sense of it, and if you’re familiar with SNMP traps, we can use that as a reference point as well.

The distinction between active and passive monitoring in both SNMP and Zabbix revolves around where the data is generated from and how the communication flows between the monitoring system and the monitored devices. When the devices proactively send data, it aligns with active monitoring, and when the monitoring system actively queries the devices, it aligns with passive monitoring.

Think of SNMP Traps (if you’re already familiar that is)

SNMP Traps (Active): In SNMP traps, the SNMP agents (devices) generate and send unsolicited messages to the SNMP manager (monitoring system) when specific events occur. This is similar to Zabbix’s active monitoring, where the Zabbix agents (endpoints) actively send data to the Zabbix server (monitoring system) at regular intervals.

Regular SNMP (Passive): In regular SNMP, the SNMP manager (monitoring system) polls the SNMP agents (devices) for specific information by sending “GET” requests, and the agents respond with the requested data. This is more similar to Zabbix’s passive monitoring, where the Zabbix server (monitoring system) polls the Zabbix agents (endpoints) to retrieve data.

But Should I Use Active Or Passive Checks In Zabbix?
Of course there is no avoiding this question, but like with most answers in IT, we land on the good ol’, all too common answer: ‘it depends’. FYI – Zabbix uses passive checks by default, but here is a breakdown to help you make your decision. I personally believe the default passive checks work fine for most use cases. However, the decision to use active or passive checks in Zabbix depends on your specific monitoring requirements and network environment. Each method has its advantages and considerations, so it’s essential to understand the differences to make an informed choice:

1. Passive Checks:

  • Pros:
    • Simplicity: Passive checks are easier to set up as they require the Zabbix server to have access to the Zabbix agents, and the agents only need to be running and reachable.
    • Network-Friendly: If you have firewalls or network restrictions, passive checks are often more feasible, as the Zabbix server initiates the communication.
    • Less Load on Agents: Passive checks put less load on the monitored hosts, as they only respond when queried by the server.
  • Cons:
    • Slightly Delayed Data: Passive checks rely on the Zabbix server to initiate data collection, so there might be a slight delay in data retrieval compared to active checks.

2. Active Checks:

  • Pros:
    • Real-Time Data: Active checks provide real-time data as the Zabbix agents proactively push data to the server at defined intervals.
    • Lower Server Load: Active checks can reduce the Zabbix server’s load as agents are responsible for pushing data, and the server doesn’t need to poll multiple agents.
  • Cons:
    • Complexity: Configuring active checks requires additional setup on both the Zabbix server and agent sides.
    • Network Configuration: Active checks may require network adjustments, and the Zabbix server needs to be able to reach the agents directly.

Considerations:

  • If you have a simple network setup and no network restrictions, passive checks might be the easier choice to implement.
  • If you need real-time data and have a more complex network or specific security considerations, active checks could be the preferred option.

Many Zabbix users opt for passive checks by default due to their simplicity and ease of configuration. However, some may switch to active checks for specific use cases that require real-time data or to reduce the server load.

Ultimately, the choice between active and passive checks should be based on your specific monitoring requirements, network architecture, and any potential security or performance concerns. It’s also worth considering testing both methods in a controlled environment to see which one fits your needs best before implementing them in production.

Official Zabbix documentation.
