HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
https problem http://havp.hege.li/forum/viewtopic.php?f=3&t=351 |
Page 1 of 1 |
Author: | chaq5533 [ 31 Mar 2008 08:24 ] |
Post subject: | https problem |
Hi all I use squid ---> havp ----> squid and the configuration used on both squid and havp taken directly from developer documentation. Everything work just fine except that when i try to access https website my squid still direct me to havp and i got error message from havp " invalid request". My OS is Centos5, squid 2.6 stable6 and HAVP 0.87. Does anyone out there experience the problem ? BTW thanks for the good job. chaq [/list] |
Author: | lebensgefahr [ 31 Mar 2008 08:52 ] |
Post subject: | |
I think that you can try use this settings: acl HTTPS proto HTTPS and than you can use this acl to connect directly to https website by this settings always_direct allow HTTPS By this settings first squid will try to connect to website without HAVP. Another way - it is to compile havp with HTTPS support i think. |
Author: | hege [ 31 Mar 2008 10:07 ] |
Post subject: | |
Actually I'm not sure if the example will work in all cases.. I updated it to be: acl HTTPS method CONNECT |
Author: | chaq5533 [ 01 Apr 2008 02:05 ] |
Post subject: | https problem |
Thanks for the reply, Finally it works. When i use acl HTTPS protocol HTTPS it didnt work and what recomended by hege work. Thank you hege and thank you everybody. chaq |
Author: | jackdragma [ 26 May 2008 04:21 ] |
Post subject: | Re: https problem |
Hi, I have the same problem but in my squid.conf is present ACL HTTPS method CONNECT acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl red src 192.168.1.0/255.255.255.0 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl HTTPS method CONNECT acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access allow red Safe_ports http_access deny !Safe_ports http_access allow localhost http_access deny all When I open any HTTPS page the result is a template of HAVP that says HAVP The request is unknown: invalid request When I desactive HAVP and I try to navigate for HTTPS pages all runs correctly Thanks for your answers. |
Author: | hege [ 26 May 2008 10:31 ] |
Post subject: | Re: https problem |
jackdragma wrote: I have the same problem but in my squid.conf is present ACL HTTPS method CONNECT You only define acl, but don't USE it anywhere? Where are your never_direct, cache_peer_access etc? See: http://havp.hege.li/forum/viewtopic.php?f=2&t=11 |
Author: | jackdragma [ 26 May 2008 20:08 ] |
Post subject: | Re: https problem |
My scenario is: User (8080) -> Dansguardian(8080)-> HAVP(8090) -> Squid (3128) -> Internet Do I need cache_peer or other commands? any suggestions? I don't know how to configure correctly Thanks. |
Author: | hege [ 26 May 2008 20:35 ] |
Post subject: | Re: https problem |
jackdragma wrote: My scenario is: User (8080) -> Dansguardian(8080)-> HAVP(8090) -> Squid (3128) -> Internet Do I need cache_peer or other commands? any suggestions? I don't know how to configure correctly In this case you don't need much. User browser must not be configured to use proxy for SSL connections. Dansguardian should have config to connect to HAVP. In HAVP you just need to configure PARENTPROXY 127.0.0.1 and PARENTPORT <squidport>. There is nothing special that you need in Squid as it will connect directly to internet. |
Author: | jackdragma [ 27 May 2008 01:01 ] |
Post subject: | Re: https problem |
Another question, When I try to connect squid directly (only squid), HTTPS pages run correctly and the same when work DANS+SQUID. But with havp->squid fails, so probably I haven't included SSL in havp. How do I compile HAVP with SSL? |
Author: | jackdragma [ 27 May 2008 02:38 ] |
Post subject: | Re: https problem |
All runs perfect! I have compiled again HAVP with ./configure --enable-ssl-tunnel --with-scanner=libclamav make make install I can see Gmail, Hotmail, Banks and HTTPS pages in all PCs. Thanks Hydra!! |
Author: | hege [ 27 May 2008 07:12 ] |
Post subject: | Re: https problem |
Are you firewalling outgoing connections or stopping some SSL connections with Dansguardian? There is no point using proxy for SSL otherwise. You will just waste resources and may have bugs with some sites. |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |