HTTP Anti-Virus Proxy

Hi,

I have a setup like this:
User/browser ==> Havp ==> Squid ==> Internet
It is compiled with --enable-ssl-tunnel --with-scanner=libclamav

I can access http & https websites just fine.

However, on connecting to certains https sides I have problems.
I use the brz (baraar source code versioning) to download sources from the internet.
When https://user:password@site.example.com/bzr/project/

bzr says: ERROR: Transport error: Server refuses to fullfil the request

And Havp says: Invalid request from browser

If I disable havp and go directly to squid, there is no problem.

Since havp should just tunnel https, has anyone an idea why it would give errors based on the https headers or content?

Thanks in advance,

It maybe be some strange HTTPS requirement that HAVP doesn't know how to fullfill.

My advice is to not use HAVP to tunnel, it has drawbacks and no positives. Point your browser SSL to to Squid or don't proxy it.

Hmm.
But I need to make that change transparent to my users, and don't have a way to push a proxypac either. Browsers are configured to connected to http://proxy.mydomain.com:80.

I could try doing the "squid sandwich" that is mentioned elsewhere in the forum:
User > Squid > Havp > Squid > Internet
but it does sound alot more complicated to manage..

Well, it might be slightly more complicated, but it allows a lot more flexibility regarding acls, forwarding etc.