HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

Logs
http://havp.hege.li/forum/viewtopic.php?f=3&t=392
Page 1 of 1

Author:  helge [ 09 Oct 2008 11:21 ]
Post subject:  Logs

Hi, playing around a bit with HAVP with squid3 and got a few questions.

The reason I have turned to HAVP is that my boss asked me to create a new proxy solution (currently running squid2.6 only..), but with antivirus implemented.
I have installed both HAVP and squid3 on a test server, set HAVP to use 127.0.0.1 3128 as parent proxy (the squid3 service), set my IE to use the HAVP port as proxy port, and all works fine. Then I installed MySAR for squid reporting as I have done on the previous squid server, and when I saw the first results it hit me.... All source IPs and cache % ratios etc. come from source 127.0.0.1. I guess if I put up a squid before the HAVP I will get the correct source IPs, but then that squid process won't cache, thus we won't get any cache hit ratios. Any thoughts on how to both use HAVP with SQUID and still be able to pull out good reports with source IPs and all from the squid logs?

Think I read that it's not recommended to put the squid server before the havp server, so client -> squid3 (caching on) -> havp -> firewall -> internet isn't a good idea, or?

Author:  hege [ 09 Oct 2008 11:44 ]
Post subject:  Re: Logs

Until HAVP supports ICAP, the only reasonable configuration is squid->havp->squid:

viewtopic.php?f=2&t=11

You need to run 2 squid instances, if you want caching after HAVP. Your current configuration is ok, if you want to take the chance of getting 0-day virus from cache.

Squid 2.6-2.7 support this, if you want to try after HAVP:
http://www.squid-cache.org/Versions/v2/ ... d_for.html

Author:  helge [ 09 Oct 2008 11:59 ]
Post subject:  Re: Logs

But as of now, as I have client -> havp -> squid3 -> firewall -> internet, I guess the cache process is ok, and we're also protected against viruses while browsing. Only problem with this setup as far as I can see is the lack of reporting possibilities, right?

Author:  hege [ 09 Oct 2008 13:38 ]
Post subject:  Re: Logs

Right. I don't think Squid3 can use the forwarded ip.
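
The reporting gap discussed in this thread can be checked directly from Squid's native access.log. The following is an added example, not code posted by anyone in the thread; the log lines are constructed samples and the function names are assumptions. It computes per-client request and hit counts and flags a log in which every client is loopback, which is what Squid records when it sits behind HAVP on the same host.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
MASKED_LOG = """\
1223544060.101    45 127.0.0.1 TCP_MISS/200 5120 GET http://example.com/ - DIRECT/192.0.2.10 text/html
1223544061.202     3 127.0.0.1 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1223544062.303    51 127.0.0.1 TCP_MISS/200 830 GET http://example.org/a.css - DIRECT/192.0.2.20 text/css
"""
FRONT_LOG = """\
1223544060.101    45 10.0.0.21 TCP_MISS/200 5120 GET http://example.com/ - FIRST_UP_PARENT/127.0.0.1 text/html
1223544061.202     3 10.0.0.34 TCP_HIT/200 5120 GET http://example.com/ - NONE/- text/html
1223544062.303     2 10.0.0.21 TCP_MEM_HIT/200 5120 GET http://example.com/ - NONE/- text/html
"""

def per_client_stats(log_text):
    """Return {client: (requests, hits)} from native-format access.log text."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 10:
            continue  # skip truncated or non-native lines
        client, result = fields[2], fields[3].split("/")[0]
        stats[client][0] += 1
        # Approximation: count result codes containing HIT (TCP_HIT, TCP_MEM_HIT, ...)
        if "HIT" in result:
            stats[client][1] += 1
    return {client: tuple(v) for client, v in stats.items()}

def _is_loopback(host):
    try:
        return ip_address(host).is_loopback
    except ValueError:  # a hostname was logged instead of an address
        return host == "localhost"

def sources_masked(stats):
    """True when every logged client is loopback, i.e. a local proxy hides the real users."""
    return bool(stats) and all(_is_loopback(c) for c in stats)

def hit_ratio(stats):
    """Overall request hit ratio as a fraction between 0 and 1."""
    total = sum(r for r, _ in stats.values())
    return sum(h for _, h in stats.values()) / total if total else 0.0

if __name__ == "__main__":
    for name, text in (("squid behind HAVP", MASKED_LOG), ("squid in front", FRONT_LOG)):
        s = per_client_stats(text)
        print(name, "| masked:", sources_masked(s), "| hit ratio: %.2f" % hit_ratio(s), "|", s)
```
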

All times are UTC + 2 hours [ DST ]