HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.


All times are UTC + 2 hours [ DST ]




Posted: 26 May 2009 17:17
Joined: 04 Apr 2007 17:34
Posts: 5
Hi all,

I have a User--->havp---->squid---->internet setup. I have configured havp to go through a parent proxy. Here is my havp configuration.
Code:
USER havp
GROUP havp
DAEMON true
PIDFILE /var/run/havp/havp.pid
SERVERNUMBER 8
MAXSERVERS 100
ACCESSLOG /var/log/havp/access.log
LOG_OKS false
LOGLEVEL 1
SCANTEMPFILE /var/tmp/havp/havp-XXXXXX
TEMPDIR /var/tmp
DBRELOAD 60
TRANSPARENT false
PARENTPROXY localhost
PARENTPORT 3128
FORWARDED_IP true
X_FORWARDED_FOR true
PORT 8080
TEMPLATEPATH /etc/havp/templates/en
FAILSCANERROR true
SCANNERTIMEOUT 10
RANGE true
MAXSCANSIZE 5000000
KEEPBACKBUFFER 200000
KEEPBACKTIME 5
TRICKLING 30
TRICKLINGBYTES 1
MAXDOWNLOADSIZE 0
STREAMSCANSIZE 20000
ENABLECLAMLIB true
ENABLECLAMD false
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false
ENABLEARCAVIR false
ENABLEDRWEB false

Squid is also configured to listen on localhost:3128.
Simple web pages are working fine, but a problem occurs when I try to access SSL-enabled web pages (https).
I get this error in /var/log/havp/error.log:
Code:
26/05/2009 17:49:39 (192.168.1.1) SSL tunneling failed through parentproxy (response: 301)
26/05/2009 17:51:15 (192.168.1.1) SSL tunneling failed through parentproxy (response: 301)
26/05/2009 17:51:15 (192.168.1.1) SSL tunneling failed through parentproxy (response: 301)
26/05/2009 17:56:27 (127.0.0.1) Could not read server header (192.168.1.1/ev.yieldbuild.com:80)
26/05/2009 17:58:28 (127.0.0.1) Could not read server header (192.168.1.1/ev.yieldbuild.com:80)
26/05/2009 18:04:58 (192.168.1.1) SSL tunneling failed through parentproxy (response: 301)
26/05/2009 18:05:56 (192.168.1.1) Could not send body to browser
26/05/2009 18:53:18 (127.0.0.1) Could not send browser body to server (192.168.1.1/httpcs.msg.yahoo.com:80)
26/05/2009 19:25:46 (127.0.0.1) Could not send browser body to server (192.168.1.1/httpcs.msg.yahoo.com:80)
26/05/2009 19:28:10 (127.0.0.1) Could not read server header (192.168.1.1/98.136.113.171:80)
26/05/2009 19:29:59 (192.168.1.1) Could not read browser header
26/05/2009 19:30:16 (127.0.0.1) Could not read server header (192.168.1.1/98.136.113.171:80)
26/05/2009 19:35:28 (127.0.0.1) Could not read server header (192.168.1.1/98.136.113.171:80)
26/05/2009 19:38:24 (127.0.0.1) Could not read server header (192.168.1.1/suggestqueries.google.com:80)
26/05/2009 19:40:27 (127.0.0.1) Could not read server header (192.168.1.1/98.136.112.136:80)

Here 192.168.1.1 is the user's IP address.
Can anyone tell me what the problem is here? :?

_________________
Best Regards,
Dhaval
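
Added example, not part of the original thread or of the HAVP project: a small Python triage of error.log in the format shown in the first post, counting `SSL tunneling failed` entries per client and parent-proxy response code so it is visible which clients are sending HTTPS through the HAVP chain. The sample lines are constructed from that format, and reading the trailing `(a/host:port)` detail as client/host:port is an assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the error.log excerpt above.
SAMPLE_LOG = """\
26/05/2009 17:49:39 (192.168.1.1) SSL tunneling failed through parentproxy (response: 301)
26/05/2009 17:56:27 (127.0.0.1) Could not read server header (192.168.1.1/ev.yieldbuild.com:80)
26/05/2009 18:04:58 (192.168.1.1) SSL tunneling failed through parentproxy (response: 301)
26/05/2009 18:05:56 (192.168.1.1) Could not send body to browser
26/05/2009 18:53:18 (127.0.0.1) Could not send browser body to server (192.168.1.1/httpcs.msg.yahoo.com:80)
not a HAVP log entry
"""

# timestamp, (peer), message, then an optional trailing detail in parentheses:
# either "response: NNN" or, as assumed here, "client/host:port".
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \((?P<peer>[^)]+)\) (?P<msg>.*?)"
    r"(?: \((?:response: (?P<code>\d{3})"
    r"|(?P<client>[^/()\s]+)/(?P<host>[^:()\s]+):(?P<port>\d+))\))?$"
)

def parse_line(line):
    """Return a dict of fields, or None if the line is not in the expected format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Server-side errors show the peer as 127.0.0.1; prefer the trailing client field.
    rec["client"] = rec["client"] or rec["peer"]
    return rec

def summarize(text):
    """Count tunnel failures per client and response code, and upstream errors per host."""
    tunnel_failures = defaultdict(Counter)
    upstream_errors = Counter()
    unparsed = 0
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
        elif rec["msg"].startswith("SSL tunneling failed"):
            tunnel_failures[rec["client"]][rec["code"]] += 1
        elif rec["host"]:
            upstream_errors[(rec["msg"], rec["host"])] += 1
    return tunnel_failures, upstream_errors, unparsed

if __name__ == "__main__":
    tunnels, upstream, bad = summarize(SAMPLE_LOG)
    print({c: dict(codes) for c, codes in tunnels.items()}, dict(upstream), bad)
```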


Posted: 27 May 2009 09:56
Joined: 23 Apr 2008 09:36
Posts: 101
Hi Dhaval!

HAVP can't handle any SSL connections! The reason is that your server can't decrypt the requests, because this is point-to-point encryption.
You can find some ways on Google to let Apache handle the SSL requests. But think twice about it; this is a performance question!

In your configuration, clients have to connect directly to squid for any ssl connections. I suppose that you manually fill out the proxy settings for your clients.

Another way would be to configure squid -> havp -> internet or squid->havp->squid and create an exception for ssl requests in your squid configuration.

regards, karesmakro :wink:

:arrow: EDIT: One keyword to search for an Apache example is mod proxy!


Posted: 18 Jun 2010 20:26
Joined: 18 Jun 2010 01:32
Posts: 3
This is similar to what we're doing:

Code:
user:80 -> squid -----\
                       -havp ->mod_proxy -> internet server
user:443->mod_proxy---/


We're currently working on the 443 mod_proxy and a single wildcard certificate and replacing it with an sslproxy with dynamic cert generation.

This is being developed not only for virus scanning but also for Data Loss Prevention, allowing us to scan incoming/outgoing traffic for possible restricted data.


Posted: 18 Jun 2010 20:31
Joined: 23 Apr 2008 09:36
Posts: 101
This sounds nice! Hope you want to share your solution :D


Posted: 18 Jun 2010 23:03
Joined: 18 Jun 2010 01:32
Posts: 3
Once it's at least in the "works for me" phase, I'll post the config and hopefully code. The sslproxy is based on GPL code but I have to get an OK to distribute it outside the company.

