How to Set Up and Configure the HTTP Proxy

To set up and configure the HTTP Proxy, follow the steps provided in this article. After setting up the HTTP Proxy, you can configure log settings for the service. Because the integrated proxy service of the Barracuda CloudGen Firewall is based on Squid, you can also add generic squid.conf entries for configurations such as client IP forwarding, closing redundant client sessions, and customized HTTP and HTTPS ports. From the command line, you can verify the HTTP Proxy server configuration.

Step 1. Enable the HTTP Proxy Service

To enable the HTTP Proxy:

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > Service Properties.

  2. Click Lock.

  3. From the Enable Service list, select Yes.

  4. Click Send Changes and Activate.

Step 2. Configure the Connection Settings

Specify the settings for connecting your system to the Internet.

  1. Go to CONFIGURATION > Configuration Tree > Box > Administrative Settings.

  2. From the Configuration menu in the left navigation pane, select HTTP Proxy.

  3. Click Lock.

  4. From the Connection Type list, select how your system is connected to the Internet. You can select one of these options:

    • Direct Access – Your Barracuda CloudGen Firewall is directly connected to the Internet.

    • HTTP/S Proxy – Your Barracuda CloudGen Firewall is connected through an HTTP or HTTPS Proxy.

  5. Specify the rest of the settings in the System HTTP Proxy Settings section.

  6. Click Send Changes and Activate.

Step 3. Specify the Operation and Network Settings

Select the operation mode for the HTTP Proxy and specify its network settings.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > HTTP Proxy Settings.

  2. Click Lock.

  3. In the left menu, click Basic Settings and configure the following settings:

    • Contact Mail – The email address of the proxy administrator. This address is displayed as the contact in error messages.

    • Visible Hostname – The hostname that will be displayed within error messages. The visible hostname must be formatted as: "host.domain.tld". Special characters are not allowed. If you are running a forwarding/caching DNS server, the hostname MUST NOT be identical to the system hostname.

    • Proxy Mode – The mode that specifies how the proxy service handles requests. You can select one of the following modes:

  4. In the left menu, click IP Configuration.

  5. In the Network Settings section, specify the IP addresses and ports that you want to use. You can also configure SNMP monitoring. For more details on these settings, see HTTP Proxy Settings.

  6. Click Send Changes and Activate.

Step 4. Configure Log Settings

To specify the log settings for the HTTP Proxy:

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > HTTP Proxy Settings.

  2. In the left navigation pane, expand Configuration Mode and click Switch to Advanced View.

  3. Click Lock.

  4. In the Log Settings section, specify the log settings for the service. For more details on these settings, see HTTP Proxy Settings.

  5. Click Send Changes and Activate.

Step 5. (Optional) Configure Miscellaneous (Misc.) Settings

If required, you can configure these miscellaneous settings for the HTTP Proxy:

  • Use of extended passive FTP

  • Number of CPU cores

  • Use of the X-Forwarded-For header for requests

  • Cache settings

  • Size limit for files that will be processed

To configure these settings:

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > HTTP Proxy Settings.

  2. In the left navigation pane, expand Configuration Mode and click Switch to Advanced View.

  3. In the Misc. Settings section, configure the miscellaneous settings. For more details on these settings, see HTTP Proxy Settings.

  4. Click Send Changes and Activate.

Step 6. (Optional) Enable TLS Inspection

To apply web filter policies or to use virus scanning for HTTPS traffic, enable TLS Inspection. To use TLS Inspection, the Feature Level of the Forwarding Firewall must be set to 7.2 or higher. For more information, see TLS Inspection in the Firewall.

You must deploy the root certificate to the client browsers to avoid TLS errors.

  1. Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > HTTP-Proxy > HTTP Proxy Settings.

  2. In the left menu, select TLS Settings.

  3. Click Lock.

  4. Select Enable TLS Inspection.

  5. Import your root CA Certificate in PKCS12 format:

    1. Click on Ex/Import for the Root CA Certificate.

    2. Select Import from PKCS12 File and select your root CA certificate file on your computer.

  6. (Optional) In the TLS Inspection section, enter the Excluded Domains.

  7. (Optional) In the TLS Inspection section, add domains that should always be trusted to the Allow List.

  8. Click Send Changes and Activate.
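
The import in step 5 takes a single PKCS12 file, which for TLS Inspection has to hold both the root CA certificate and its private key. The following is an added example, not part of the Barracuda documentation: it uses the OpenSSL command line (assumed to be installed) to build such a bundle and to check a bundle before import. All file names, the subject name and the password are constructed placeholders.

```shell
#!/bin/sh
# Added example. Names, subject and password are constructed placeholders.

# make_p12 <dir> <name> <CA:TRUE|CA:FALSE> <password>
# Writes <name>.key, a self-signed <name>.crt and <name>.p12 (key + cert) in <dir>.
make_p12() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $2
[ext]
basicConstraints = critical, $3
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$1/$2.cnf" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/$2.key" -in "$1/$2.crt" \
        -name "$2" -out "$1/$2.p12" -passout "pass:$4"
}

# check_ca_p12 <file.p12> <password>
# Succeeds only if the bundle opens with the password, contains a private key,
# and its certificate is unexpired and marked CA:TRUE.
check_ca_p12() {
    cert=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null) || return 1
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
        grep -q "PRIVATE KEY" || return 1
    printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null || return 1
    printf '%s\n' "$cert" | openssl x509 -noout -text | grep -q "CA:TRUE"
}

# Demo on constructed data in a private temporary directory.
umask 077
work=$(mktemp -d)
if make_p12 "$work" example-root-ca CA:TRUE 'constructed-pass' &&
   check_ca_p12 "$work/example-root-ca.p12" 'constructed-pass'; then
    echo "example-root-ca.p12: import on the firewall (contains the private key)"
    echo "example-root-ca.crt: the only file to distribute to client browsers"
fi
rm -rf "$work"
```

Outside a demo, pass the password with OpenSSL's `file:` or `env:` pass phrase sources instead of `pass:`, so it does not appear in the process list or shell history.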

Add Squid Configurations

To configure client IP forwarding, close redundant client sessions, and customize HTTP and HTTPS ports, add squid.conf entries in the advanced settings for the HTTP Proxy.

For more information about Squid proxy configuration, see the official Squid documentation at www.squid-cache.org. Note that changing advanced configuration parameters should only be done by an expert administrator. If you have any questions, contact Barracuda Networks Technical Support for assistance.

To add squid.conf entries: