HTTP Anti-Virus Proxy

Hi everyone.
I'm configurting SQUID <----> HAVP (with Clamav) <-----> SQUID
All started (SQUID not transparent)
My Browser is configurated to use the proxy, when i browse a web site which then my browser displayed the message:

The request is unknown:
Invalid request

access.log og squid:
1262560786.956 3 192.168.1.3 TCP_MISS/403 1187 GET http://www.server-side.de/tinc?key=tHj9oHYm - DEFAULT_PARENT/havp text/html
1262560793.921 10 192.168.1.3 TCP_MISS/403 1187 GET http://havp.hege.li/forum/ - DEFAULT_PARENT/havp text/html

havp.config
######## havp-0.91

PIDFILE /var/run/havp/havp.pid
ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log
LOG_OKS true
LOGLEVEL 1
TEMPDIR /var/tmp
TRANSPARENT true
PARENTPROXY 127.0.0.1
PARENTPORT 8080
FORWARDED_IP true
X_FORWARDED_FOR true
PORT 8090
BIND_ADDRESS 127.0.0.1
TEMPLATEPATH /usr/local/etc/havp/templates/en
ENABLECLAMLIB true
CLAMDBDIR /usr/local/share/clamav
ENABLECLAMD true
CLAMDSOCKET /tmp/clamd
CLAMDSERVER 127.0.0.1
CLAMDPORT 3310

squid.conf
# WELCOME TO SQUID 2.6.STABLE21

http_port 8080




cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default


prefer_direct off
nonhierarchical_direct off




acl all src 0.0.0.0/0.0.0.0
acl all_des dst 0.0.0.0/0.0.0.0
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl access_http proto HTTP
acl access_https proto HTTPS
acl noscan urlpath_regex -i \.(jpe?g|gif|png|ico)$


header_access Via deny all

always_direct allow noscan
always_direct deny access_http

http_access allow CONNECT !SSL_ports
http_access allow all
http_access allow all_des
http_access allow !Safe_ports

cache_peer_access havp deny access_https


refresh_pattern ^ftp: 1440 50% 10080
refresh_pattern -i \.(jpe?g|gif|png|ico)$ 43200 100% 43200
refresh_pattern -i \.(zip|rar|arj|cab|exe)$ 43200 100% 43200
refresh_pattern windowsupdate.com/.*\.(cab|exe)$ 43200 100% 43200
refresh_pattern download.microsoft.com/.*\.(cab|exe)$ 43200 100 43200
refresh_pattern -i \.(cgi|asp|php|fcgi)$ 0 20% 60
refresh_pattern . 20160 50% 43200
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320


Can everyone help me to resolve this problem?

Thanks.

Guess you can't use clamlib and clamd scanner together. Use one of them. clamlib should be preferred due to less overhead and increased scan speed.

Regards Severus

You have only one http_port ?

Have a look at the example again:

viewtopic.php?f=2&t=11

Squid -> HAVP -> Squid can't work with single port, it will loop.

Dear hege
I have configured your document but not work. Please help.
My configure squid and havp
1/squid.conf

http_port 3128

# This is SQUID2 port
# havp.config has PARENTHOST 127.0.0.1, PARENTPORT 8081
http_port 127.0.0.1:8081

# Define acl for HAVP port (the port HAVP connects to, SQUID2)
acl FROM_HAVP myport 8081

# You probably don't care to log duplicate requests coming in from HAVP
log_access deny FROM_HAVP

# HAVP on localhost port 8090
cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default

# Needed if we want to go directly to SQUID2 without HAVP
cache_peer 127.0.0.1 parent 8081 0 name=squid2 proxy-only no-query no-digest no-netdb-exchange

# This makes sure ALL requests are sent to parent peers when needed
prefer_direct off
nonhierarchical_direct off

# HTTPS traffic scanning not needed
# (squid2 skipped too, since it can't be cached)
acl HTTPS method CONNECT
always_direct allow HTTPS
# Always force use of HAVP or Squid2 parent
never_direct allow !FROM_HAVP

cache_peer_access havp deny FROM_HAVP
cache_peer_access havp deny HTTPS
cache_peer_access havp allow all
cache_peer_access squid2 deny FROM_HAVP
cache_peer_access squid2 allow all

2/havp.conf

# Run HAVP as transparent Proxy?
#
# If you don't know what this means read the mini-howto
# TransparentProxy written by Daniel Kiracofe.
# (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html)
# Definitely you have more to do than setting this to true.
# You are warned!
#
# Default:
# TRANSPARENT false
TRANSPARENT true

#
# Specify a parent proxy (e.g. Squid) HAVP should use.
#
# Default: NONE
#PARENTPROXY localhost
#PARENTPORT 3128
PARENTPROXY 127.0.0.1
PARENTPORT 8081


#
# Write X-Forwarded-For: to log instead of connecters IP?
#
# If HAVP is used as parent proxy by some other proxy, this allows
# to write the real users IP to log, instead of proxy IP.
#
# Default:
# FORWARDED_IP false


#
# Send X-Forwarded-For: header to servers?
#
# If client sent this header, FORWARDED_IP setting defines the value,
# then it is passed on. You might want to keep this disabled for security
# reasons. Enable this if you use your own parent proxy after HAVP, so it
# will see the original client IP.
#
# Disabling this also disables Via: header generation.
#
# Default:
# X_FORWARDED_FOR false


#
# Port HAVP is listening on.
#
# Default:
# PORT 8080
PORT 8090

#
# IP address that HAVP listens on.
# Let it be undefined to bind all addresses.
#
# Default: NONE
# BIND_ADDRESS 127.0.0.1

Thanks.

Hello!

Which Squid-Version are you using. At first, I see in your havp.conf
this should be false in squid-sandwich configuration (transparent mode is only used with firewall redirecting).
And you should bind your havp port to 127.0.0.1, because havp should only be reachable by squid (recommended)

If SSL connections not working, please try (and replace HTTPS):

regards

Dear karesmakro
Thanks for reply. I'm using squid cache 3.0.
I have edited the configuration squid and havp as your guide, but it still does not work.
Thanks.

Please post some squid error messages. As I remember right, squid3 don't works with havp!
I've to search for the relevant squid3 post, to be sure.

regards

I tried to get squid3 running with havp with following results.
squid->havp->squid :
very high payload on system and needs very much memory - havp creates for every request a double havp child process

squid->havp (over cache_peer)
for every request, a havp child process will be created, but request time seems to be normal
This kind of configuration has a disadvantage, that you have to create a ftp exception in squid.conf, because havp can't handle authentications

Fazit: squid3 is not my preffered version to filter http requests with havp (perhaps my squid3 is misconfigured - give a new try, if I find more time)

regards

p.s.: Is your squid configuration running without including havp?

Dear karesmakro
Many thanks for your kind support. Now, I have configured squid run havp (squid-havp).
If you have configured successfully (squid-havp-squid), you can post squid and havp configuration for all the references.
Thanks so much.