1. Introduction

We have grown so much accustomed to Internet access on our work computers, that we can hardly imagine what people ever did all day long on their workplace before!

By providing access to a virtually endless amount of information, the Internet has quickly turned into an essential working tool; so essential that most companies can't do without it anymore. But besides providing a huge amount of information, the Internet has also turned into the main virus vehicle (together with e-mail) and doesn't exclusively provide content in line with corporate policies. That's why a proxy server is often as necessary as the Internet connection itself.

The main benefits of web proxying are:

The following is the list of the pieces of software we will use:

a robust, security-oriented operating system, with only two remote holes in the default install, in a heck of a long time!;
a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more;
a combined filter, redirector and access controller plugin for Squid;
an open source (GPL) anti-virus toolkit for UNIX;
an antivirus redirector for Squid proxy based on the Awards winnings ClamAv anti-virus toolkit;
a redirector for squid that intercepts advertising (banners, popup windows, flash animations, etc), page counters and some web bugs (as found).

The choice of using free software prevented me from using DansGuardian, an Open Source web content filter, running on many OSes and filtering the actual content of pages based on many methods including phrase matching, PICS filtering and URL filtering. Fine and dandy, but it is not free for commercial use.

A good knowledge of OpenBSD is assumed, since we won't delve into system management topics such as OS installation and base configuration, packages/ports installation or PF syntax.