HTTP Anti-Virus Proxy http://havp.hege.li/forum/
squid3 + havp + log analysing tools http://havp.hege.li/forum/viewtopic.php?f=3&t=477
Author: smueller [ 09 Nov 2009 20:51 ]
Post subject: squid3 + havp + log analysing tools
In general there's a problem with the infrastructure client --> squid --> havp --> squid --> internet on the same machine, since you'll log each HTTP request two times (one from the client, the other from havp), giving strange results in calamaris/sarg etc... So I RTFM'd a bit, and hey, there's a solution even for that problem...

So, for anyone interested, I thought I'd share my ideas.

Here's the squid.conf (since I hate looking for it in my Documents folder...)

Comments are welcome (especially about the squid->havp connection, since I'm not sure about this; dunno where I got that from, but it works...)

Code:

    http_port 3128
    http_port 127.0.0.1:8081

    ##not really but it looks cool....
    tcp_outgoing_address 10.23.42.13

    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443
    acl SSL_ports port 10443        # I hate these bastards...
    acl SSL_ports port 8443         # see above
    acl Safe_ports port 80          # http
    acl Safe_ports port 21          # ftp
    acl Safe_ports port 443         # https
    acl Safe_ports port 70          # gopher
    acl Safe_ports port 210         # wais
    acl Safe_ports port 1025-65535  # unregistered ports
    acl Safe_ports port 280         # http-mgmt
    acl Safe_ports port 488         # gss-http
    acl Safe_ports port 591         # filemaker
    acl Safe_ports port 777         # multiling http
    acl CONNECT method CONNECT

    acl src_lan src 10.23.42.0/24
    acl src_dmz src some.other.cool.ips
    # dst counterpart of src_dmz; always_direct below references it, so it has to be defined
    acl dst_dmz dst some.other.cool.ips

    ###important stuff
    acl client_port myport 3128
    acl havp_port myport 8081

    acl no_virus_scan dstdomain .dontscan.me
    acl dontcache dstdomain .ubuntu.com  ## you'll get some nasty hashsum errors if you cache ubuntu files

    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow havp_port localhost
    http_access deny havp_port all
    http_access allow localhost
    http_access allow src_lan
    http_access allow src_dmz
    http_access deny all
    http_reply_access allow all

    always_direct allow dst_dmz
    always_direct allow no_virus_scan

    # we don't want to cache possible viruses, do we?
    no_cache deny havp_port
    no_cache deny dontcache

    ## connect to havp
    cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
    cache_peer_access 127.0.0.1 deny CONNECT
    # needed if you don't want to loop your request
    cache_peer_access 127.0.0.1 deny havp_port
    cache_peer_access 127.0.0.1 allow all

    #some other stuff
    cache_dir diskd /var/spool/squid3 2000 4 256
    cache_mem 512 MB
    # more stuff as you need ....

    # now the logging fun
    # std log with every request
    access_log /var/log/squid3/full.log squid
    # log only requests coming to the client port and not those to the havp port
    access_log /var/log/squid3/clean.log squid client_port !havp_port

After that you should have an ugly full.log as usual and a nice one with all the requests your clients made, and the exceptions you configured (coming up as DIRECT...), so you only need to configure sarg/calamaris etc. to read clean.log and everything should be fine.
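A sanity check for the layout described in the post, as an added example that is not part of the original post: it verifies that every ACL referenced in a rule is defined, that the HAVP return port is denied to the `cache_peer` before any allow rule (the loop guard), and that one `access_log` is limited to client requests. The function names are hypothetical, the sample is a constructed excerpt that deliberately leaves `dst_dmz` undefined, and treating `all` as predefined is an assumption about Squid 3.

```python
# Constructed excerpt of the posted squid.conf; no 'acl dst_dmz' line is included.
SAMPLE_CONF = """\
acl CONNECT method CONNECT
acl client_port myport 3128
acl havp_port myport 8081
always_direct allow dst_dmz
no_cache deny havp_port  # keep scanned replies out of the cache
cache_peer_access 127.0.0.1 deny CONNECT
cache_peer_access 127.0.0.1 deny havp_port
cache_peer_access 127.0.0.1 allow all
access_log /var/log/squid3/full.log squid
access_log /var/log/squid3/clean.log squid client_port !havp_port
"""

# Directives that end in an ACL list, and how many arguments come before it.
ACL_ARGS = {"http_access": 1, "always_direct": 1, "no_cache": 1,
            "cache_peer_access": 2, "access_log": 2}

def parse(conf):
    """Return (defined ACL names, [(directive, args)]) with '#' comments dropped."""
    acls, rules = {"all"}, []  # assumption: 'all' is predefined by Squid 3
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) > 1 and tok[0] == "acl":
            acls.add(tok[1])
        elif tok and tok[0] in ACL_ARGS:
            rules.append((tok[0], tok[1:]))
    return acls, rules

def check(conf, back_acl="havp_port", front_acl="client_port"):
    """List problems with the squid -> havp -> squid loop guard and log split."""
    acls, rules = parse(conf)
    findings = []
    for name, args in rules:
        for ref in args[ACL_ARGS[name]:]:
            if ref.lstrip("!") not in acls:
                findings.append(f"{name}: undefined acl {ref.lstrip('!')}")
    # Rules are matched in order: the return port must be denied to the
    # peer before any allow rule, or HAVP's requests go back to HAVP.
    peer = [a[1:] for n, a in rules if n == "cache_peer_access"]
    first_allow = next((i for i, v in enumerate(peer) if v[:1] == ["allow"]), len(peer))
    if ["deny", back_acl] not in peer[:first_allow]:
        findings.append("loop: return port is not denied to the cache_peer")
    # At least one access_log must be restricted to client-side requests.
    logs = [a[2:] for n, a in rules if n == "access_log"]
    if not any(front_acl in acl or "!" + back_acl in acl for acl in logs):
        findings.append("logging: no access_log limited to client requests")
    return findings
```

Calling `check()` on the full text of a squid.conf before a reload returns an empty list when all three properties hold.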
All times are UTC + 2 hours [ DST ]