We are looking at implementing mikrotik at our clients as web proxy server. This will be for caching, website blocking via white or black list setup and port blocking.
The problem we have is deciding on what routerboards to use if any or if going with a pc based solution would be better. So my questing is, is there anyone out there who has found hardware thats compatible with the OS or would it be easier getting a routerboard with enough processing power and adding an external hard disc drive to it and if so does that solution work.
So basically what is best practice when implementing mikrotik as a web proxy.
Thanks,
Regards for Sunny SA!!!
I can’t fully answer your question with a “this option is best” kind of answer, but I will put in my two cents for your consideration. I found that MikroTik’s built-in Web proxy was a bit limited. I instead setup a VM on one of our servers running the full version of the Squid proxy server, and installed Diladele Web Safety (formerly known as QuintoLabs Content Security) content filtering software. I then configured the MikroTik router’s proxy to look to this proxy as its parent. This gives me finer-grained control over content filtering, and the storage/processing happens on another box.
If you want to do a purely MikroTik solution, then I’d suggest installing it on a small form factor computer rather than adding USB storage to a RouterBoard. I find RB USB storage to be a bit of a pain, and find the USB port more suitable for things like 3G modems. Just my opinions though.
Using MT or squid will also depend upon
- number of clients: squid can be easily configured for high loads/many users
- user preferences: In case of mostly caching html etc. MT might be good enough. In case of caching large files (videos) squid is much more capable to do that
Expecting inceasing number of clients, squid should be better choice.
Proxy in ROS is just way too limited . You’re much better off running something like a HP Microserver with Centos+squid or pfSense if you want something slightly more friendly.