| HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
| Delay Pools And Havp dont mix http://havp.hege.li/forum/viewtopic.php?f=3&t=369 |
Page 1 of 1 |
| Author: | sonatta [ 18 Jun 2008 17:43 ] |
| Post subject: | Delay Pools And Havp dont mix |
Hi I believe HAVP faltters when used with squid delay pool. We are using Endian firewall with HAVP and a user base of over 2000. Delay pools work great when HAVP is turned off, but Squid hangs forever when HAVP is turned on. Already beginning to think of ways to chain proxies together to achieve the same result. Please help |
|
| Author: | hege [ 18 Jun 2008 18:47 ] |
| Post subject: | Re: Delay Pools And Havp dont mix |
I'm not sure how that would affect it.. Is your delay pool squid before or after HAVP? Sandwich? What Squid version? Not sure how Endian is using HAVP today.. Paste the relevant configuration lines here from Squid if you want.. |
|
| Author: | sonatta [ 18 Jun 2008 21:19 ] |
| Post subject: | Re: Delay Pools And Havp dont mix |
Thanks. Here it is #######SQUID.CONF########### #Following Delay Pools Work as they should when HAVP is commented out/shut off###### shutdown_lifetime 1 seconds icp_port 0 http_port 0.0.0.0:8080 transparent cache_effective_user squid cache_effective_group squid pid_filename /var/run/squid.pid cache_mem 256 MB cache_dir aufs /var/spool/squid 500 16 256 error_directory /usr/share/squid/errors/English max_filedesc 12729 server_persistent_connections off half_closed_clients off buffered_logs on offline_mode on cache_log /var/log/squid/cache.log cache_access_log syslog:local6.info cache_store_log none useragent_log /var/log/squid/useragent.log strip_query_terms off log_mime_hdrs off forwarded_for on acl default_safe_ports port "/var/efw/proxy/profiles/default/acls/safeports.acl" acl default_ssl_ports port "/var/efw/proxy/profiles/default/acls/safesslports.acl" acl default_0_timeframe time MTWHFAS 00:00-24:00 acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl CONNECT method CONNECT acl EFW_http port 80 acl EFW_https port 10443 acl EFW_ips dst 192.168.1.15 acl EFW_networks src "/var/efw/proxy/acls/src_subnets.acl" acl EFW_dst_networks dst "/var/efw/proxy/acls/src_subnets.acl" acl HAVP_ALLOWED_PROTOS proto HTTP acl HAVP_ALLOWED_PROTOS proto SSL acl QUERY urlpath_regex cgi-bin \\? cache deny QUERY cache deny localhost cache deny CONNECT cache allow all acl EFW_src_green src 192.168.1.0/255.255.255.0 acl EFW_dst_green dst 192.168.1.0/255.255.255.0 acl manager proto cache_object http_access allow manager EFW_ips http_access deny manager header_access Via deny all http_access allow localhost http_access allow EFW_ips EFW_networks EFW_http http_access allow CONNECT EFW_ips EFW_networks EFW_https http_access deny !default_safe_ports !default_ssl_ports http_access deny CONNECT !default_ssl_ports http_access allow EFW_networks default_0_timeframe http_access deny all http_reply_access allow localhost http_reply_access allow EFW_networks http_reply_access deny all #################################################### delay_pools 1 delay_class 1 3 delay_parameters 1 -1/-1 -1/-1 30000/50000 delay_access 1 allow EFW_networks #################################################### maximum_object_size 4096 KB minimum_object_size 0 KB request_body_max_size 0 KB reply_body_max_size 0 allow all cache_peer 127.0.0.1 parent 9999 0 no-query no-digest no-netdb-exchange name=dansguardian login=*:password cache_peer_access dansguardian deny localhost cache_peer_access dansguardian deny !HAVP_ALLOWED_PROTOS cache_peer 127.0.0.1 parent 9998 0 no-query no-digest no-netdb-exchange name=havp login=*:password cache_peer_access havp deny localhost cache_peer_access havp deny !HAVP_ALLOWED_PROTOS cache_peer_access dansguardian allow EFW_networks default_0_timeframe cache_peer_access havp deny EFW_networks default_0_timeframe cache_peer_access dansguardian deny EFW_networks cache_peer_access havp deny EFW_networks never_direct deny localhost never_direct deny !HAVP_ALLOWED_PROTOS all default_0_timeframe never_direct allow all default_0_timeframe never_direct allow all ######################################## No high CPU USAGE, nothing unusual etc, the box just hangs and nothing seems to happen, but every thing comes to life the moment HAVP is shut down!!!. The same holds true when HAVP is run without delay pools in effect. Works like a charm. Its only when they play together the problem occurs ########HAVP.CONF######################### USER clamav GROUP clamav PIDFILE /var/run/havp/havp.pid SERVERNUMBER 20 MAXSERVERS 400 USESYSLOG false SYSLOGNAME havp SYSLOGFACILITY local4 SCANTEMPFILE /var/spool/havp/havp-XXXXXX DBRELOAD 60 DAEMON true TRANSPARENT false PARENTPROXY 127.0.0.1 PARENTPORT 8080 LOG_OKS false FORWARDED_IP false PORT 9998 BIND_ADDRESS 127.0.0.1 SOURCE_ADDRESS 127.0.0.1 DISPLAYINITIALMESSAGES true TEMPLATEPATH /etc/havp/templates/en WHITELIST /etc/havp/whitelist BLACKLIST /etc/havp/blacklist MAXSCANSIZE 5242880 KEEPBACKBUFFER 1000000 TRICKLING 5 STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS gnome-vfs xine ENABLECLAMLIB true SCANIMAGES false CLAMBLOCKMAX false CLAMBLOCKENCRYPTED false CLAMMAXFILES 1000 CLAMMAXRECURSION 5 CLAMMAXRATIO 1000 CLAMMAXFILESIZE 50 ########################################## |
|
| Author: | sonatta [ 21 Jun 2008 15:37 ] |
| Post subject: | Re: Delay Pools And Havp dont mix |
Any one.....please |
|
| Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|