HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
Is my configuration bad for HAVP? http://havp.hege.li/forum/viewtopic.php?f=3&t=170 |
Page 1 of 1 |
Author: | buck [ 16 Oct 2006 22:26 ] |
Post subject: | Is my configuration bad for HAVP? |
When I attempt to place an order over the web, I see the HTML code rather than the expected page. Disabling HAVP 0.82 fixes this; havp uses clamav, which is current. Putting the IP in the whitelist does not resolve the problem. What am I doing wrong? whitelist: x.y.z.205/* Steps to recreate: http://x.y.z.205/appfinityweborder login 0012 password april customer alr08 item # 1 quantity 700 ENTER click SAVE SECOND SUBJECT: Is it possible to whitelist by IP address, specifying a range? I want to whitelist x.y.z.200/29* so that any url from any IP between .202 and .206 is whitelisted. -- buck |
Author: | buck [ 17 Oct 2006 08:27 ] |
Post subject: | |
Quote: When I attempt to place an order over the web, I see the HTML code rather than
the expected page. Disabling HAVP 0.82 fixes this; havp uses clamav, which is current. Putting the IP in the whitelist does not resolve the problem. I got around this by creating nat rules with iptables: #!/bin/bash # /usr/sbin/havp.sh # Remove all rules added after the 'if' below: iptables -t nat -D PREROUTING -p tcp -s 192.168.1.0/24 --dport 80 -j HAVP 2>/dev/null iptables -t nat -D HAVP -p tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to 192.168.1.1:8080 2>/dev/null # Exceptions: iptables -t nat -D HAVP -d c.b.a.144/29 -j RETURN 2>/dev/null iptables -t nat -D HAVP -d x.y.z.200/29 -j RETURN 2>/dev/null # End exceptions iptables -t nat -X HAVP 2>/dev/null if [ "$1" = "up" ] || [ "$1" = "start" ]; then iptables -t nat -N HAVP # Exceptions: iptables -t nat -A HAVP -d x.y.z.200/29 -j RETURN iptables -t nat -A HAVP -d c.b.a.144/29 -j RETURN # End exceptions iptables -t nat -A HAVP -p tcp -s 192.168.1.0/24 --dport 80 -j DNAT --to 192.168.1.1:8080 iptables -t nat -A PREROUTING -p tcp -s 192.168.1.0/24 --dport 80 -j HAVP fi # EOF havp.sh -- buck |
Author: | hege [ 17 Oct 2006 09:03 ] |
Post subject: | Re: Is my configuration bad for HAVP? |
buck wrote: When I attempt to place an order over the web, I see the HTML code rather than the expected page. Disabling HAVP 0.82 fixes this; havp uses clamav, which is current. Putting the IP in the whitelist does not resolve the problem. What am I doing wrong? This could be a bug, but I would need to access the page to verify it. Quote: SECOND SUBJECT: Is it possible to whitelist by IP address, specifying a
range? I want to whitelist x.y.z.200/29* so that any url from any IP between .202 and .206 is whitelisted. It's recommended to use Squid before HAVP (and after) so you can do this all easier and more efficiently. Perhaps whitelisting IP's is added later to HAVP. Cheers, Henrik |
Author: | buck [ 18 Oct 2006 09:20 ] |
Post subject: | |
Henrik, I cannot post the URL in a public forum, but if you will send me a message off list I will reply with the information you need. buckprivatemil yahoo com I appreciate your offer to check this out. Thank you. -- buck |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |