HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
It is currently 22 Jun 2014 09:52

All times are UTC + 2 hours [ DST ]




Post new topic Reply to topic  [ 11 posts ] 
Author Message
 Post subject: https problem
PostPosted: 31 Mar 2008 08:24 
Offline

Joined: 26 May 2007 03:00
Posts: 11
Hi all

I use squid ---> havp ----> squid and the configuration used on both squid and havp taken directly from developer documentation. Everything work just fine except that when i try to access https website my squid still direct me to havp and i got error message from havp " invalid request".
My OS is Centos5, squid 2.6 stable6 and HAVP 0.87. Does anyone out there experience the problem ? BTW thanks for the good job.

chaq
[/list]


Top
 Profile  
 
 Post subject:
PostPosted: 31 Mar 2008 08:52 
Offline

Joined: 28 Mar 2008 16:15
Posts: 5
I think that you can try use this settings:
acl HTTPS proto HTTPS
and than you can use this acl to connect directly to https website by this settings
always_direct allow HTTPS
By this settings first squid will try to connect to website without HAVP.
Another way - it is to compile havp with HTTPS support i think.


Top
 Profile  
 
 Post subject:
PostPosted: 31 Mar 2008 10:07 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Actually I'm not sure if the example will work in all cases..

I updated it to be:

acl HTTPS method CONNECT


Top
 Profile  
 
 Post subject: https problem
PostPosted: 01 Apr 2008 02:05 
Offline

Joined: 26 May 2007 03:00
Posts: 11
Thanks for the reply,

Finally it works. When i use acl HTTPS protocol HTTPS it didnt work and what recomended by hege work. Thank you hege and thank you everybody.

chaq


Top
 Profile  
 
 Post subject: Re: https problem
PostPosted: 26 May 2008 04:21 
Offline

Joined: 19 Apr 2008 19:16
Posts: 13
Hi,

I have the same problem but in my squid.conf is present ACL HTTPS method CONNECT

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl red src 192.168.1.0/255.255.255.0
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl HTTPS method CONNECT
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow red Safe_ports
http_access deny !Safe_ports
http_access allow localhost
http_access deny all

When I open any HTTPS page the result is a template of HAVP that says

HAVP
The request is unknown:
invalid request

When I desactive HAVP and I try to navigate for HTTPS pages all runs correctly :(

Thanks for your answers.


Top
 Profile  
 
 Post subject: Re: https problem
PostPosted: 26 May 2008 10:31 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
jackdragma wrote:
I have the same problem but in my squid.conf is present ACL HTTPS method CONNECT


You only define acl, but don't USE it anywhere? Where are your never_direct, cache_peer_access etc?

See: http://havp.hege.li/forum/viewtopic.php?f=2&t=11


Top
 Profile  
 
 Post subject: Re: https problem
PostPosted: 26 May 2008 20:08 
Offline

Joined: 19 Apr 2008 19:16
Posts: 13
My scenario is:

User (8080) -> Dansguardian(8080)-> HAVP(8090) -> Squid (3128) -> Internet

Do I need cache_peer or other commands? any suggestions? I don't know how to configure correctly :(

Thanks.


Top
 Profile  
 
 Post subject: Re: https problem
PostPosted: 26 May 2008 20:35 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
jackdragma wrote:
My scenario is:

User (8080) -> Dansguardian(8080)-> HAVP(8090) -> Squid (3128) -> Internet

Do I need cache_peer or other commands? any suggestions? I don't know how to configure correctly :(


In this case you don't need much. User browser must not be configured to use proxy for SSL connections.

Dansguardian should have config to connect to HAVP.

In HAVP you just need to configure PARENTPROXY 127.0.0.1 and PARENTPORT <squidport>.

There is nothing special that you need in Squid as it will connect directly to internet.


Top
 Profile  
 
 Post subject: Re: https problem
PostPosted: 27 May 2008 01:01 
Offline

Joined: 19 Apr 2008 19:16
Posts: 13
Another question,

When I try to connect squid directly (only squid), HTTPS pages run correctly and the same when work DANS+SQUID.

But with havp->squid fails, so probably I haven't included SSL in havp.

How do I compile HAVP with SSL?


Top
 Profile  
 
 Post subject: Re: https problem
PostPosted: 27 May 2008 02:38 
Offline

Joined: 19 Apr 2008 19:16
Posts: 13
All runs perfect!

I have compiled again HAVP with

./configure --enable-ssl-tunnel --with-scanner=libclamav
make
make install

I can see Gmail, Hotmail, Banks and HTTPS pages in all PCs.

Thanks Hydra!!


Top
 Profile  
 
 Post subject: Re: https problem
PostPosted: 27 May 2008 07:12 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Are you firewalling outgoing connections or stopping some SSL connections with Dansguardian?

There is no point using proxy for SSL otherwise. You will just waste resources and may have bugs with some sites.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ] 

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group