| HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
| good or ugly : HAVP in reverse proxy ? + no scan at upload http://havp.hege.li/forum/viewtopic.php?f=3&t=405 |
Page 1 of 1 |
| Author: | alex8657 [ 22 Dec 2008 10:19 ] |
| Post subject: | good or ugly : HAVP in reverse proxy ? + no scan at upload |
Hi Please tell me if i am using HAVP in a way where it should not be used, but i am currently experimenting a reverse-proxy configuration, in the scheme browser->squid->havp->tomcat_java_app To achieve that, i set HAVP in "transparent" mode, and put the tomcat web site as its parent. I saw somewhere in the forum people wondering why we should need virus scanning at upload, well... this is exactly one case: prevent users from uploading viruses on the website (here a java/tomcat powered community web site). So, if there are no way, nor plans to add scanning at upload, is there any trick or alternative have the file scanned before it is submitted to the parent ? Note that i also tried using c-icap+clamav with squid3, and there also appeared no scan at upload. Furthermore, it appeared to me as being very unreliable, as one page of ten would always seem unreachable and report an error, despites squid alone would work great without c-icap+clamav. |
|
| Author: | hege [ 22 Dec 2008 11:23 ] |
| Post subject: | Re: good or ugly : HAVP in reverse proxy ? + no scan at upload |
Searching uploaded files from POST requests requires some parsing. As you may have noticed from the announcement, there aren't any developers to do new features currently. No way to scan in the web server itself after upload? That would be the safest way. |
|
| Author: | karesmakro [ 27 Dec 2008 22:19 ] |
| Post subject: | Re: good or ugly : HAVP in reverse proxy ? + no scan at upload |
A good way, to do so is for example dazuko (on-access scanning) for that directory, where uploads are stored. Dazuko is rejecting the file, if there is any virus! But don't use dazuko for the whole web folder! It slow down your requests rapidly! |
|
| Author: | alex8657 [ 28 Dec 2008 11:40 ] |
| Post subject: | Re: good or ugly : HAVP in reverse proxy ? + no scan at upload |
Ah, i did not think about this, as the configuration file indicates that Dazuko is beta and not ready for production use. I may give it a try, then |
|
| Author: | karesmakro [ 31 Dec 2008 11:28 ] |
| Post subject: | Re: good or ugly : HAVP in reverse proxy ? + no scan at upload |
Are you using the newest kernel version (2.6.28)? I installed all versions and can say, it's stable and no problems coming up! If you compile every new kernel versions, it's a little bit more work. But i can't believe this on a web server. The earlier versions of dazuko are stable. wish you all a happy new year ... |
|
| Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|