HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
Squid doesn't cache objects http://havp.hege.li/forum/viewtopic.php?f=3&t=326 |
Author: | DrKewp [ 19 Apr 2008 00:11 ] |
Post subject: | Re: Squid doesn't cache objects |
Dang, you are correct. Back to the old drawing board! I'm determined to fix this so I'll post an update if I figure something out. |
Author: | jackdragma [ 19 Apr 2008 19:48 ] |
Post subject: | Re: Squid doesn't cache objects |
Hi Apolo_1, I am interested in your configurations. Could you show them? I have many problems configuring dansguardian + havp (clamav) + squid correctly. If anyone has a similar configuration, it would be a great help. I am a novice and I find it difficult to understand some things because my English is not very good. What is the difference between client-> squid-> havp or client-> havp-> squid? Thank you all. |
Author: | DrKewp [ 19 Apr 2008 20:04 ] |
Post subject: | Re: Squid doesn't cache objects |
jackdragma wrote:
What is the difference between client-> squid-> havp or client-> havp-> squid? Thank you all

client-> squid-> havp == virus may be cached and sent to client.
client-> havp-> squid == HAVP scans all cache content, but you lose the nice ACLs squid provides.

Best solution remains client->squid(proxy-only)->havp->squid(proxy-cache)
With ACLs on first squid, you can skip havp for certain domains or traffic/file types. This is what I want/need for a high-volume deployment.

*However*, as has been discussed in this thread, it would appear you need to run two separate instances of squid for this to work. Either on two different boxes (example, squid proxy+havp on box 1, squid cache on box 2) or two separate squid processes, each with unique config files. |
Author: | DrKewp [ 20 Apr 2008 06:05 ] |
Post subject: | Re: Squid doesn't cache objects |
Ok, so I just spent a day migrating my config to separate squid processes, one proxy only and the other a proxy/cache. So far this works great and I think it's the right solution for us. Our box is a dual quad-core, so having separate processes is better anyway. Additionally, the config files are cleaner and the whole process is better from a security perspective, as you can actually disable all caching on the public squid proxy interface, so no chance of caching malware there. |
Author: | hydrapolic [ 21 Apr 2008 14:25 ] |
Post subject: | Re: Squid doesn't cache objects |
Yes, I just observed the same problem today. I have used the solution provided above, so the topology looks like:

winpc --> dansguardian (8080) --> havp (8090) --> squid (3128)

So once the Windows computers try to load a page, it will be checked for forbidden domains by dansguardian, then it will be scanned for viruses, and finally what is worth caching will be cached with squid. Additionally, adzapper can be run from squid. Thanks guys. |
Author: | hydrapolic [ 24 Apr 2008 18:39 ] |
Post subject: | Re: Squid doesn't cache objects |
Hi guys, seems like the solution above is wrong. Relevant configuration:

dansguardian.conf
    filterip = 192.168.50.105
    filterport = 8080
    proxyip = 127.0.0.1
    proxyport = 8090

havp.config
    PARENTPROXY 127.0.0.1
    PARENTPORT 3128
    PORT 8090
    BIND_ADDRESS 127.0.0.1

squid.conf
    http_port 3128

All works fine, but the virus is cached by squid:

    127.0.0.1 TCP_MEM_HIT/200 582 GET http://www.eicar.org/download/eicar.com - NONE/- application/x-msdos-program

How can this be fixed? Thanks in advance. |
Author: | DrKewp [ 24 Apr 2008 19:23 ] |
Post subject: | Re: Squid doesn't cache objects |
hydrapolic wrote:
All works fine, but the virus is cached by squid:
    127.0.0.1 TCP_MEM_HIT/200 582 GET http://www.eicar.org/download/eicar.com - NONE/- application/x-msdos-program
How can this be fixed? Thanks in advance.

It's supposed to be cached by squid. That's what squid does. It doesn't know that the content is malicious. The important thing is that havp scans all the cached content and doesn't deliver it to the client.

If you don't want squid to cache viruses, you will either need to write an ACL to instruct it to not cache (no_cache) certain file/mime types or write a daemon to watch the havp file and purge objects that have viruses.

I personally like the fact that squid caches malicious objects, as I plan on adding a malware collector that pulls them from the cache and archives them for our bestiary. |
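The log-watching purge described in the post above could be sketched as follows; this is an added example, not code from the thread or from the HAVP or Squid projects. The HAVP log layout (the URL as one token, with the word VIRUS later on the line) and the sample lines are assumptions constructed for illustration; the Squid fields follow the access-log line quoted in the thread, and `squidclient` is Squid's command-line client.

```python
import re
import shlex

# Squid access.log fields as quoted in the thread: result/status bytes method URL ...
# search() tolerates the timestamp/elapsed prefix of the native log format.
SQUID_RE = re.compile(r"(?P<result>TCP_[A-Z_]+)/\d{3} \d+ \S+ (?P<url>\S+) ")
# ASSUMPTION: a HAVP log line holds the URL as one token, with VIRUS later on the line.
HAVP_VIRUS_RE = re.compile(r"(?P<url>https?://\S+)\s.*\bVIRUS\b")

# Constructed sample input (not real logs).
HAVP_LOG = [
    "24/04/2008 18:30:01 192.168.50.20 GET 200 http://www.eicar.org/download/eicar.com 310+68 VIRUS ClamAV: Eicar-Test-Signature",
    "24/04/2008 18:30:05 192.168.50.20 GET 200 http://www.example.com/VIRUS-faq.html 290+5120 OK",
]
SQUID_LOG = [
    "127.0.0.1 TCP_MISS/200 582 GET http://www.eicar.org/download/eicar.com - DIRECT/192.0.2.10 application/x-msdos-program",
    "127.0.0.1 TCP_MEM_HIT/200 582 GET http://www.eicar.org/download/eicar.com - NONE/- application/x-msdos-program",
    "127.0.0.1 TCP_HIT/200 5412 GET http://www.example.com/VIRUS-faq.html - NONE/- text/html",
]

def flagged_urls(havp_lines):
    """Return URLs HAVP reported as infected, in first-seen order, no duplicates."""
    seen = {}
    for line in havp_lines:
        m = HAVP_VIRUS_RE.search(line)
        if m:
            seen.setdefault(m.group("url"), None)
    return list(seen)

def cache_hits(squid_lines, flagged):
    """Count how often Squid answered a flagged URL from cache (any *_HIT result)."""
    hits = {}
    for line in squid_lines:
        m = SQUID_RE.search(line)
        if m and m.group("url") in flagged and m.group("result").endswith("HIT"):
            hits[m.group("url")] = hits.get(m.group("url"), 0) + 1
    return hits

def purge_commands(urls, host="127.0.0.1", port=3128):
    """Build squidclient PURGE calls; squid.conf must permit the PURGE method from this host."""
    return [f"squidclient -h {host} -p {port} -m PURGE {shlex.quote(u)}" for u in urls]

if __name__ == "__main__":
    bad = flagged_urls(HAVP_LOG)
    print("served from cache:", cache_hits(SQUID_LOG, bad))
    print("\n".join(purge_commands(bad)))
```

Every flagged URL is purged whether or not a hit was logged, because the object may have been stored on the first miss; the hit count only confirms that Squid was serving it from cache.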
Author: | hydrapolic [ 24 Apr 2008 19:29 ] |
Post subject: | Re: Squid doesn't cache objects |
Ok, so it's a feature, not a bug. Thanks for the reply, I can sleep calmly now. |
All times are UTC + 2 hours [ DST ] |