|
Hi all,
i configured my proxy as SQUID - HAVP - SQUID, and my browser still able to download virus file (eicar). BUT if i only used HAVP to download virus, HAVP able to detect the virus and block it. Please correct me if my settings as below are wrong ...
HAVP.config
========
TEMPDIR /tmp
PARENTPROXY 127.0.0.1
PARENTPORT 8081
PORT 8090
BIND_ADDRESS 127.0.0.1
MAXSCANSIZE 5000000
ENABLECLAMLIB true
CLAMDBDIR /usr/local/share/clamav
# other settings all set to DEFAULT
SQUID.conf
========
http_port 81
http_port 127.0.0.1:8081
acl FROM_HAVP myport 8081
log_access deny FROM_HAVP
cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default
cache_peer 127.0.0.1 parent 8081 0 name=squid2 proxy-only no-query no-digest no-netdb-exchange
prefer_direct off
nonhierarchical_direct off
acl HTTPS proto HTTPS
always_direct allow HTTPS
never_direct allow !FROM_HAVP
cache_peer_access havp deny FROM_HAVP
cache_peer_access havp deny HTTPS
cache_peer_access havp allow all
cache_peer_access squid2 allow all
cache_peer_access squid2 deny FROM_HAVP
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl white src "/etc/squid/whitelist.txt" # my whitelist ip address
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow white
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
# other settings all set to DEFAULT
Please HELP ...
Thank you
Regards,
Kenny
|
