{"id":205,"date":"2017-08-15T13:48:38","date_gmt":"2017-08-15T13:48:38","guid":{"rendered":"http:\/\/info.ffteixeira.net\/2017\/08\/15\/install-and-configure-squid-proxy-server-clamav-squidclamav-c-icap-server-debian-9-minimal-standard-system-utilities-ssh-server\/"},"modified":"2017-08-15T13:48:38","modified_gmt":"2017-08-15T13:48:38","slug":"install-and-configure-squid-proxy-server-clamav-squidclamav-c-icap-server-debian-9-minimal-standard-system-utilities-ssh-server","status":"publish","type":"post","link":"https:\/\/blog.ffteixeira.net\/?p=205","title":{"rendered":"Install and Configure Squid Proxy Server, ClamAV, SquidClamav, C-ICAP Server \u2013 Debian 9 (minimal – standard system utilities, ssh server)"},"content":{"rendered":"

1. Install some needed dependencies.
$sudo apt-get install gcc make curl libcurl4-gnutls-dev rsync<\/strong><\/p>\n

2. Install and Configure Squid Proxy Server.
$sudo apt-get install squid3 calamaris<\/strong><\/p>\n

3.Edit config file \/etc\/squid\/squid.conf:
$sudo cp squid.conf squid.conf.ORIG<\/strong><\/p>\n

Backup
$sudo cp \/etc\/squid\/squid.conf \/etc\/squid\/squid.conf.bak<\/strong><\/p>\n

To simplify the configuration file (squid.conf), we can remove everything that is comments or blank lines.
$sudo cat squid.conf.bak | egrep -v -e '^[[:blank:]]*#|^$' > squid.conf<\/strong><\/p>\n

$sudo nano \/etc\/squid\/squid.conf<\/strong><\/p>\n

3.1 Change squid.conf options<\/p>\n

Make sure the line is uncommented (#).
acl CONNECT method CONNECT<\/em><\/p>\n

Create new access lists acl LAN to your internal network 192.168.0.0\/24. or others internal network
acl LAN src 192.168.0.0\/24
acl LAN src xxx.xxx.x.x\/24<\/em><\/p>\n

Additional access lists blacklist, whitelist, malware_block_list to block spam, commercials, malware, viruses…<\/p>\n

acl malware_block_list url_regex -i "\/etc\/squid\/malware_block_list"
acl blacklist dstdom_regex "\/etc\/squid\/blacklist"
acl whitelist dstdom_regex "\/etc\/squid\/whitelist"<\/em><\/p>\n

Access new acl lists – order matters:<\/p>\n

http_access allow whitelist
http_access deny blacklist
http_access deny malware_block_list
http_access allow LAN<\/em><\/p>\n

I did not use:<\/strong> Inform users about blocked website. Blocked commercials will be displayed as empty transparent place, require http server.
deny_info http:\/\/YourServerName\/error\/dot-transparent.png blacklist
deny_info http:\/\/YourServerName\/error\/dot-transparent.png whitelist
deny_info http:\/\/YourServerName\/error\/error.html malware_block_list<\/em><\/p>\n

Setup address IP and listening port. Transparent mean no caching.
http_port 192.168.0.1:3128<\/em><\/p>\n

Additional  setup – Anonymizer. Blocking headers:
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access All deny all
request_header_access Cache-Control deny all
httpd_suppress_version_string on<\/em><\/p>\n

Store cache ojects only in memory, cache (400MB)<\/p>\n

## Cache options<\/a><\/p>\n

cache_mem 512 MB
cache_dir ufs \/var\/spool\/squid3 400 16 256<\/em>  ### cache_dir ufs \/usr\/local\/squid\/cache 51200 64 256<\/p>\n

Disable cache for access list – LAN:
cache deny LAN<\/em><\/p>\n

Hostname
visible_hostname YourServerName<\/em><\/p>\n

Hiding IP
forwarded_for off<\/em><\/p>\n

##———————- My test config ——————————————<\/em><\/em>
acl LAN src 192.168.0.0\/24
acl LAN src 192.168.100.0\/24
acl LAN src 192.168.122.0\/24<\/p>\n

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT<\/p>\n

acl malware_block_list url_regex -i "\/etc\/squid\/malware_block_list"
acl blacklist dstdom_regex "\/etc\/squid\/blacklist"
acl whitelist dstdom_regex "\/etc\/squid\/whitelist"
http_access allow whitelist
http_access deny blacklist
http_access deny malware_block_list<\/p>\n

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow LAN
http_access allow localhost
http_access deny all<\/p>\n

visible_hostname proxy
http_port 3128
coredump_dir \/var\/spool\/squid<\/p>\n

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (\/cgi-bin\/|\\?) 0    0%    0
refresh_pattern .        0    20%    4320<\/p>\n

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access All deny all
request_header_access Cache-Control deny all
httpd_suppress_version_string on<\/em>
 <\/p>\n

## Cache options<\/a><\/p>\n

cache_mem 512 MB<\/em>
cache_dir ufs \/var\/spool\/squid 400 16 256
cache deny LAN
visible_hostname proxy
forwarded_for off<\/p>\n

##———————————————–——–——–——–<\/em><\/em><\/em><\/em><\/p>\n

3.2 Download files: blacklist and whitelist, unpack and save it to \/etc\/squid\/.
$wget -c https:\/\/ffteixeira.net\/blog\/sites\/default\/files\/blacklist.tar_.bz2 <\/strong>(rename blacklist.tar_.bz2 to blacklist.tar.bz2) || wget -c <\/strong>http:\/\/terminal28.com\/wp-content\/uploads\/2013\/10\/blacklist.tar.bz2
$sudo tar -xvf blacklist.tar.bz2
$sudo mv blacklist whitelist \/etc\/squid<\/strong><\/p>\n

Before trying to start Squid, you should verify that your squid.conf file makes sense. This is easy to do. Just run the following command:
$sudo squid -k parse<\/strong><\/p>\n

Ignore this error, solved next step:
…\/08\/11 12:23:16| Processing: acl malware_block_list url_regex -i "\/etc\/squid\/malware_block_list"
…\/08\/11 12:23:16| ERROR: Can not open file \/etc\/squid\/malware_block_list for reading
…\/08\/11 12:23:16| Warning: empty ACL: acl malware_block_list url_regex -i "\/etc\/squid\/malware_block_list"
…\/08\/11 12:23:16| Processing: acl blacklist dstdom_regex "\/etc\/squid\/blacklist"
…\/08\/11 12:23:17| \/etc\/squid\/squid.conf line 20: acl blacklist dstdom_regex "\/etc\/squid\/blacklist"
…\/08\/11 12:23:17| WARNING: there are more than 100 regular expressions. Consider using less REs or use rules without expressions like 'dstdomain'.<\/em><\/p>\n

Restart Squid.
$sudo \/etc\/init.d\/squid restart<\/strong><\/p>\n

3.3 Download script malware_block_list to update domains and IP addresses , unpack and save it to \/etc\/squid
$wget -c <\/strong>https:\/\/ffteixeira.net\/blog\/sites\/default\/files\/malware_block_list.tar_.bz2 <\/strong>(rename malware_block_list.tar_.bz2  to malware_block_list.tar.bz2) || wget -c http:\/\/terminal28.com\/wp-content\/uploads\/2013\/10\/malware_block_list.tar.bz2<\/strong>
$sudo tar -xvf malware_block_list.tar.bz2
$sudo mv malware_block_list \/usr\/local\/bin\/
$sudo chmod +x \/usr\/local\/bin\/malware_block_list
$sudo touch  \/var\/log\/malware_block_list.log<\/strong><\/p>\n

Add script malware_block_list to Cron.
$sudo crontab -e<\/strong><\/p>\n

add
    
@daily \/usr\/local\/bin\/malware_block_list<\/em><\/p>\n

Logfile location: \/var\/log\/malware_block_list.log.   Go to  MalwarePatrol.net, click tab: Block List. You should see subscription list: free and paid. Click Free\/Subscribe. Subscribe the list. You should get password\/receipt number on email. Log in to: https:\/\/www.malwarepatrol.net\/login.php; and find Squid Web Proxy ACL and click Download. You will be redirected to website\/text with malware list. Every subscription has unique receipt number receipt=f1234567890. https:\/\/lists.malwarepatrol.net\/cgi\/getfile?receipt=f1234567890&product=8&list=squid Copy URL and paste to script near link. Edit: link, user, pass.<\/p>\n

$sudo nano \/usr\/local\/bin\/malware_block_list<\/strong><\/p>\n

link='PASTE_LINK_FROM_MALWAREPATROL.NET'
user='–http-user=USERNAME'
passwd='–http-passwd=PASSWORD'<\/em><\/p>\n

Note:<\/strong> Change squid3 to squid<\/p>\n

##————————————- My test config. —————————
#!\/bin\/sh
### ###
###
### Squid3 Installation and Configuration.
###
### Polish version
###
### http:\/\/man.sethuper.com\/instalacja-squid-proxy-serwer-clamav-squidclamav-c-icap-serwer-debian-6-0-x
###
#=======================================================================================================================
###
### English version
###
### http:\/\/terminal28.com\/how-to-install-and-configure-squid-proxy-server-clamav-squidclamav-c-icap-server-debian-linux\/
###
### ###<\/p>\n

# If you don't want to log wget debug output remove "$debug" in line (51) "fetchcmd"<\/p>\n

## Setings
# Malware patrol URL with unique ID
# Change ID after receipt in link (..getfile?receipt=f138125701..)
link='https:\/\/lists.malwarepatrol.net\/cgi\/getfile?receipt=f1502379316&product=8&list=squid'<\/p>\n

# HTTP USER
user='–http-user=<user>'<\/p>\n

# HTTP PASSWORD
pass='–http-passwd=<passwd>'<\/p>\n

# Checking certificate
cert='–no-check-certificate'<\/p>\n

# File location for Squid
target='\/etc\/squid\/malware_block_list'<\/p>\n

# Reload Squid
reloadcmd='\/usr\/sbin\/squid -k reconfigure'<\/p>\n

# Temporary file
tmp="\/tmp\/.malware_block_list.$$"<\/p>\n

# Wget debud
#debug="-nva \/var\/log\/squid\/malware_block_list.log"<\/p>\n

# Command for download malware list
#I remove de debug because error
#fetchcmd="wget -q  –no-check-certificate  $link -O $tmp $user $pass $debug"
fetchcmd="wget -q  –no-check-certificate  $link -O $tmp $user $pass"<\/p>\n

# ——-<\/p>\n

# Log file
logs='\/var\/log\/squid\/malware_block_list.log'<\/p>\n

## execution
##
echo "$(date -R) Downloading new malware_block_list" >> "$logs"<\/p>\n

# Downloading new malware_block_list from Malware Patrol
$fetchcmd<\/p>\n

# Checking temporary file – "OK" – before overwrite old malware list
if [ ! -s $tmp ]
then
echo "$(date -R) The temporary file '$tmp' does not exist or is empty; resignation" >> "$logs"
exit
fi<\/p>\n

# moving malware_black_list to directory \/etc\/squid3\/
cp  $tmp $target<\/p>\n

# removing temporary file
rm $tmp<\/p>\n

# restart Squid
$reloadcmd
##———————————————————————————<\/em><\/p>\n

 
$sudo sh \/usr\/local\/bin\/malware_block_list<\/strong><\/p>\n

4. Install Clamav-server.
$sudo apt-get install clamav-daemon
$sudo mkdir install
$cd install
$sudo wget https:\/\/sourceforge.net\/projects\/c-icap\/files\/c-icap\/0.5.x\/c_icap-0.5.2.tar.gz\/download -O c_icap-0.5.2.tar.gz
$sudo tar -xvf c_icap-0.5.2.tar.gz
$cd c_icap-0.5.2
$sudo .\/configure
$sudo make
$sudo make install
$cd ..<\/strong><\/p>\n

Edit configfile  \/usr\/local\/etc\/c-icap.conf.
$sudo nano \/usr\/local\/etc\/c-icap.conf<\/strong><\/p>\n

Change:<\/p>\n

Line 223: ServerAdmin root@localhost
Line 232: ServerName YourServerName<\/em><\/p>\n

Add at line 708:<\/p>\n

Service squidclamav squidclamav.so<\/em><\/p>\n

4.1 C-ICAP server autostart script.
$wget -c  <\/strong>https:\/\/ffteixeira.net\/blog\/sites\/default\/files\/c-icap-autostart.tar_.gz <\/strong>(rename c-icap-autostart.tar_.gz  to c-icap-autostart.tar.gz) || wget -c http:\/\/terminal28.com\/wp-content\/uploads\/2013\/10\/c-icap-autostart.tar.gz
$sudo tar xvf c-icap-autostart.tar.gz
$sudo rsync -avh init.d default \/etc
$sudo update-rc.d c-icap defaults<\/strong><\/p>\n

4.2 Create logrotate script for c-icap server.
$sudo cat << EOT > \/etc\/logrotate.d\/c-icap<\/strong><\/p>\n

\/usr\/local\/var\/log\/server.log \/usr\/local\/var\/log\/access.log {
     daily
     rotate 4
     missingok
     notifempty
     compress
     create 0644 root root
     postrotate
     \/etc\/init.d\/c-icap force-reload > \/dev\/null
     endscript
}
EOT<\/em><\/p>\n

4.3 Change permission for c-icap logrotate script and server logs.
$sudo chmod 644 \/etc\/logrotate.d\/c-icap
$sudo chown root:root \/etc\/logrotate.d\/c-icap
$sudo chmod 644 \/usr\/local\/var\/log\/ -R
$sudo chown root:root \/usr\/local\/var\/log\/ -R
$sudo ln -s \/usr\/local\/var\/log\/server.log \/var\/log\/server.log
$sudo ln -s \/usr\/local\/var\/log\/access.log \/var\/log\/access.log<\/strong><\/p>\n

5. Install Squidclamav
$cd install
$wget -c https:\/\/sourceforge.net\/projects\/squidclamav\/files\/squidclamav\/6.15\/squidclamav-6.15.tar.gz\/download -O squidclamav-6.15.tar.gz
$sudo tar zxvf squidclamav-6.15.tar.gz
$cd squidclamav-6.15
$sudo .\/configure
$sudo make
$sudo make install
$cp -rf cgi-bin \/usr\/lib\/
$chmod +x \/usr\/lib\/cgi-bin\/clwarn* -R
$chown www-data:www-data \/usr\/lib\/cgi-bin\/clwarn* -R
$cd ..
$sudo ldconfig<\/strong><\/p>\n

5.1 Configure squidclamav.
$sudo nano \/usr\/lcocal\/etc\/squidclamav.conf<\/strong><\/p>\n

Add redirect URL – default script – clwarn.cgi (en). You can choose diferent language: DE, FR, BR, RU.<\/p>\n

Line 18: redirect http:\/\/YourServerName\/cgi-bin\/clwarn.cgi<\/em><\/p>\n

Make sure the rule occurs in configfile.<\/p>\n

Line 27: clamd_local \/var\/run\/clamav\/clamd.ctl<\/em><\/p>\n

6. Checking config file – ClamAV, make sure the rule occurs in configfile.
$sudo nano \/etc\/clamav\/clamd.conf<\/strong><\/p>\n

Line 4: LocalSocket \/var\/run\/clamav\/clamd.ctl<\/em><\/p>\n

Configure Freshclam.
$sudo nano \/etc\/clamav\/freshclam.conf<\/strong><\/p>\n

Line 22: SafeBrowsing true<\/em><\/p>\n

6.1 Register on Securiteinfo.com: https:\/\/www.securiteinfo.com\/clients\/customers\/signup
Subscribe basic list for clamav. You should get auto generated urls for clamav database under tab: Setup.
Download allowed from 1 IP address, limited to 24 downloads per day
Add generated URLS to freshclam.conf file at the end.<\/p>\n

DatabaseCustomURL http:\/\/www.securiteinfo.com\/get\/signatures\/3b4d0…5764\/securiteinfo.hdb
DatabaseCustomURL http:\/\/www.securiteinfo.com\/get\/signatures\/3b4b…eafd\/securiteinfo.ign2
DatabaseCustomURL http:\/\/www.securiteinfo.com\/get\/signatures\/3b4d0d…61eafd\/javascript.ndb
DatabaseCustomURL http:\/\/www.securiteinfo.com\/get\/signatures\/34d…81f\/spam_marketing.ndb
DatabaseCustomURL http:\/\/www.securiteinfo.com\/get\/signatures\/3b…61eafd\/securiteinfohtml.hdb
DatabaseCustomURL http:\/\/www.securiteinfo.com\/get\/signatures\/3b…365afd\/securiteinfoascii.hdb<\/em><\/p>\n

Restart ClamAV.
$sudo \/etc\/init.d\/clamav-daemon restart<\/strong><\/p>\n

7. Configure Squid with C-ICAP. Configuration for Squid version – 3.1.20.
$sudo nano \/etc\/squid\/squid.conf<\/strong><\/p>\n

Add at the end of the file<\/p>\n

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap:\/\/127.0.0.1:1344\/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap:\/\/127.0.0.1:1344\/squidclamav
adaptation_access service_resp allow all<\/em><\/p>\n

Configuration for Squid version – 3.1.6.
$sudo nano \/etc\/squid\/squid.conf<\/strong><\/p>\n

Add at the end of the file<\/p>\n

icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Client-Username
icap_preview_enable on
icap_preview_size 1024
adaptation_service_set service_req
icap_service service_req reqmod_precache bypass=1 icap:\/\/127.0.0.1:1344\/request
adaptation_access service_req allow all<\/p>\n

adaptation_service_set service_resp
icap_service service_resp respmod_precache bypass=0 icap:\/\/127.0.0.1:1344\/response
adaptation_access service_resp allow all<\/em><\/p>\n

Run C-ICAP server.
$sudo \/usr\/local\/bin\/c-icap &<\/strong><\/p>\n

8. Restart Squid.
$sudo chown -R proxy:proxy \/var\/spool\/squid
$sudo squid -z
$sudo service squid restart<\/strong><\/p>\n

9. Configure firewall – masquerade, prerouting.
Enable forwarding. Edit configfile sysctl.conf
$sudo nano \/etc\/sysctl.conf<\/strong><\/p>\n

Uncomment IPv4 i IPv6 and change to 1:<\/p>\n

Line 28: net.ipv4.ip_forward = 1
Line 33: net.ipv6.conf.all.forwarding = 1<\/em><\/p>\n

##——————- Not used ———————
9.1. Configure firewall – iptables.<\/p>\n

$sudo nano \/etc\/iptables.up.rules<\/p>\n

Add rules (Change address IP and network interface)<\/p>\n

*nat<\/p>\n

-A PREROUTING -p tcp -m tcp -i eth1 –dport 80 -j REDIRECT –to-ports 3128
-A POSTROUTING -s 192.168.0.0\/24 -j MASQUERADE<\/em>
 ##—————————————————–<\/p>\n

10. Test.<\/p>\n

If you have done it right then..
.. go to: http:\/\/www.eicar.org\/85-0-Download.html and try to download file:<\/p>\n

eicar.com
68 Bytes<\/p>\n

Result:
You should be redirected to:<\/p>\n

    http:\/\/YourServerName\/cgi-bin\/clwarn.cgi, http:\/\/YourServerName\/error.html.<\/p>\n

11. Sarg<\/a> and squidguard<\/a><\/p>\n

Credits<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

1. Install some needed dependencies.$sudo apt-get install gcc make curl libcurl4-gnutls-dev rsync 2. Install and Configure Squid Proxy Server.$sudo apt-get install squid3 calamaris 3.Edit config file \/etc\/squid\/squid.conf:$sudo cp squid.conf squid.conf.ORIG Backup$sudo cp \/etc\/squid\/squid.conf \/etc\/squid\/squid.conf.bak To simplify the configuration file (squid.conf), … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[5,6,9,31,35,36,37],"class_list":["post-205","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-c-icap","tag-clamav","tag-debian-9","tag-proxy","tag-server","tag-squid","tag-squidclamav"],"_links":{"self":[{"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=\/wp\/v2\/posts\/205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=205"}],"version-history":[{"count":0,"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=\/wp\/v2\/posts\/205\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ffteixeira.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}