hi
We're using proxy squid 2.6.STABLE5 (NOT transparent) for about 150 WIN2000 SP4 clients.
I've configured squid-havp-clamav and it seems to work.
Can someone pls check my configuration?
I'm still not sure about
havp ports.
I've add in /etc/squid/squid.conf the following lines:
Code:
# HAVP
# This is SQUID2 port
# havp.config has PARENTHOST 127.0.0.1, PARENTPORT 8088
http_port 127.0.0.1:8088
# Define acl for HAVP port (the port HAVP connects to, SQUID2)
acl FROM_HAVP myport 8088
# You probably don't care to log duplicate requests coming in from HAVP
log_access deny FROM_HAVP
# HAVP on localhost port 8090
cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default
# Needed if we want to go directly to SQUID2 without HAVP
cache_peer 127.0.0.1 parent 8088 0 name=squid2 proxy-only no-query no-digest no-netdb-exchange
# This makes sure ALL requests are sent to parent peers when needed
prefer_direct off
nonhierarchical_direct off
# HTTPS traffic scanning not needed
# (squid2 skipped too, since it can't be cached)
acl HTTPS method CONNECT
always_direct allow HTTPS
# Always force use of HAVP or Squid2 parent
never_direct allow !FROM_HAVP
# It's easier to create whitelists here than in HAVP
# Also, if there is a bug in HAVP, whitelisting there might not work
acl NOSCAN dstdomain trusted.site.net
cache_peer_access havp deny FROM_HAVP
#cache_peer_access havp deny HTTPS
cache_peer_access havp deny NOSCAN
acl chunked dstdomain ache_peer_access havp allow all
cache_peer_access squid2 deny FROM_HAVP
cache_peer_access squid2 allow all
and my /etc/havp/havp.config:
Code:
USER havp
GROUP havp
DAEMON true
PIDFILE /var/run/havp/havp.pid
SERVERNUMBER 25
ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log
LOG_OKS false
LOGLEVEL 0
SCANTEMPFILE /var/spool/havp/havp-XXXXXX
DBRELOAD 60
TRANSPARENT false
PARENTPROXY localhost
PARENTPORT 8088
PORT 8090
TEMPLATEPATH /etc/havp/templates/en
WHITELISTFIRST true
WHITELIST /etc/havp/whitelist
SCANNERTIMEOUT 10
RANGE false
SCANIMAGES true
MAXSCANSIZE 8000000
KEEPBACKBUFFER 200000
TRICKLING 30
STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS
STREAMSCANSIZE 20000
ENABLECLAMLIB true
CLAMDBDIR /var/lib/clamav
ENABLECLAMD false
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false
ENABLEARCAVIR false
ENABLEDRWEB false