HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
|
HAVP, The request is unknown: Invalid request http://havp.hege.li/forum/viewtopic.php?f=3&t=489 |
Page 1 of 1 |
Author: | hungctt [ 03 Jan 2010 19:41 ] |
Post subject: | HAVP, The request is unknown: Invalid request |
Hi everyone. I'm configurting SQUID <----> HAVP (with Clamav) <-----> SQUID All started (SQUID not transparent) My Browser is configurated to use the proxy, when i browse a web site which then my browser displayed the message: The request is unknown: Invalid request access.log og squid: 1262560786.956 3 192.168.1.3 TCP_MISS/403 1187 GET http://www.server-side.de/tinc?key=tHj9oHYm - DEFAULT_PARENT/havp text/html 1262560793.921 10 192.168.1.3 TCP_MISS/403 1187 GET http://havp.hege.li/forum/ - DEFAULT_PARENT/havp text/html havp.config ######## havp-0.91 PIDFILE /var/run/havp/havp.pid ACCESSLOG /var/log/havp/access.log ERRORLOG /var/log/havp/havp.log LOG_OKS true LOGLEVEL 1 TEMPDIR /var/tmp TRANSPARENT true PARENTPROXY 127.0.0.1 PARENTPORT 8080 FORWARDED_IP true X_FORWARDED_FOR true PORT 8090 BIND_ADDRESS 127.0.0.1 TEMPLATEPATH /usr/local/etc/havp/templates/en ENABLECLAMLIB true CLAMDBDIR /usr/local/share/clamav ENABLECLAMD true CLAMDSOCKET /tmp/clamd CLAMDSERVER 127.0.0.1 CLAMDPORT 3310 squid.conf # WELCOME TO SQUID 2.6.STABLE21 http_port 8080 cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default prefer_direct off nonhierarchical_direct off acl all src 0.0.0.0/0.0.0.0 acl all_des dst 0.0.0.0/0.0.0.0 acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_ports port 70 acl Safe_ports port 210 acl Safe_ports port 1025-65535 acl Safe_ports port 280 acl Safe_ports port 488 acl Safe_ports port 591 acl Safe_ports port 777 acl CONNECT method CONNECT acl access_http proto HTTP acl access_https proto HTTPS acl noscan urlpath_regex -i \.(jpe?g|gif|png|ico)$ header_access Via deny all always_direct allow noscan always_direct deny access_http http_access allow CONNECT !SSL_ports http_access allow all http_access allow all_des http_access allow !Safe_ports cache_peer_access havp deny access_https refresh_pattern ^ftp: 1440 50% 10080 refresh_pattern -i \.(jpe?g|gif|png|ico)$ 43200 100% 43200 refresh_pattern -i \.(zip|rar|arj|cab|exe)$ 43200 100% 43200 refresh_pattern windowsupdate.com/.*\.(cab|exe)$ 43200 100% 43200 refresh_pattern download.microsoft.com/.*\.(cab|exe)$ 43200 100 43200 refresh_pattern -i \.(cgi|asp|php|fcgi)$ 0 20% 60 refresh_pattern . 20160 50% 43200 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 Can everyone help me to resolve this problem? Thanks. |
Author: | Severus [ 09 Jan 2010 10:44 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
hungcct wrote: ENABLECLAMLIB true CLAMDBDIR /usr/local/share/clamav ENABLECLAMD true CLAMDSOCKET /tmp/clamd Guess you can't use clamlib and clamd scanner together. Use one of them. clamlib should be preferred due to less overhead and increased scan speed. Regards Severus |
Author: | hege [ 10 Jan 2010 17:41 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
You have only one http_port ? Have a look at the example again: viewtopic.php?f=2&t=11 Squid -> HAVP -> Squid can't work with single port, it will loop. |
Author: | tnctstuvn1981 [ 23 Jan 2010 06:24 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
Dear hege I have configured your document but not work. Please help. My configure squid and havp 1/squid.conf http_port 3128 # This is SQUID2 port # havp.config has PARENTHOST 127.0.0.1, PARENTPORT 8081 http_port 127.0.0.1:8081 # Define acl for HAVP port (the port HAVP connects to, SQUID2) acl FROM_HAVP myport 8081 # You probably don't care to log duplicate requests coming in from HAVP log_access deny FROM_HAVP # HAVP on localhost port 8090 cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default # Needed if we want to go directly to SQUID2 without HAVP cache_peer 127.0.0.1 parent 8081 0 name=squid2 proxy-only no-query no-digest no-netdb-exchange # This makes sure ALL requests are sent to parent peers when needed prefer_direct off nonhierarchical_direct off # HTTPS traffic scanning not needed # (squid2 skipped too, since it can't be cached) acl HTTPS method CONNECT always_direct allow HTTPS # Always force use of HAVP or Squid2 parent never_direct allow !FROM_HAVP cache_peer_access havp deny FROM_HAVP cache_peer_access havp deny HTTPS cache_peer_access havp allow all cache_peer_access squid2 deny FROM_HAVP cache_peer_access squid2 allow all 2/havp.conf # Run HAVP as transparent Proxy? # # If you don't know what this means read the mini-howto # TransparentProxy written by Daniel Kiracofe. # (e.g.: http://www.tldp.org/HOWTO/mini/TransparentProxy.html) # Definitely you have more to do than setting this to true. # You are warned! # # Default: # TRANSPARENT false TRANSPARENT true # # Specify a parent proxy (e.g. Squid) HAVP should use. # # Default: NONE #PARENTPROXY localhost #PARENTPORT 3128 PARENTPROXY 127.0.0.1 PARENTPORT 8081 # # Write X-Forwarded-For: to log instead of connecters IP? # # If HAVP is used as parent proxy by some other proxy, this allows # to write the real users IP to log, instead of proxy IP. # # Default: # FORWARDED_IP false # # Send X-Forwarded-For: header to servers? # # If client sent this header, FORWARDED_IP setting defines the value, # then it is passed on. You might want to keep this disabled for security # reasons. Enable this if you use your own parent proxy after HAVP, so it # will see the original client IP. # # Disabling this also disables Via: header generation. # # Default: # X_FORWARDED_FOR false # # Port HAVP is listening on. # # Default: # PORT 8080 PORT 8090 # # IP address that HAVP listens on. # Let it be undefined to bind all addresses. # # Default: NONE # BIND_ADDRESS 127.0.0.1 Thanks. |
Author: | karesmakro [ 26 Jan 2010 22:47 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
Hello! Which Squid-Version are you using. At first, I see in your havp.conf Code: TRANSPARENT true this should be false in squid-sandwich configuration (transparent mode is only used with firewall redirecting).And you should bind your havp port to 127.0.0.1, because havp should only be reachable by squid (recommended) If SSL connections not working, please try (and replace HTTPS): Code: acl SSL proto SSL always_direct allow SSL ... ... cache_peer_access havp deny SSL regards |
Author: | tnctstuvn1981 [ 29 Jan 2010 11:47 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
Dear karesmakro Thanks for reply. I'm using squid cache 3.0. I have edited the configuration squid and havp as your guide, but it still does not work. Thanks. |
Author: | karesmakro [ 29 Jan 2010 12:29 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
Please post some squid error messages. As I remember right, squid3 don't works with havp! I've to search for the relevant squid3 post, to be sure. regards |
Author: | karesmakro [ 31 Jan 2010 12:06 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
I tried to get squid3 running with havp with following results. squid->havp->squid : very high payload on system and needs very much memory - havp creates for every request a double havp child process squid->havp (over cache_peer) for every request, a havp child process will be created, but request time seems to be normal This kind of configuration has a disadvantage, that you have to create a ftp exception in squid.conf, because havp can't handle authentications Fazit: squid3 is not my preffered version to filter http requests with havp (perhaps my squid3 is misconfigured - give a new try, if I find more time) regards p.s.: Is your squid configuration running without including havp? |
Author: | tnctstuvn1981 [ 31 Jan 2010 20:32 ] |
Post subject: | Re: HAVP, The request is unknown: Invalid request |
Dear karesmakro Many thanks for your kind support. Now, I have configured squid run havp (squid-havp). If you have configured successfully (squid-havp-squid), you can post squid and havp configuration for all the references. Thanks so much. |
Page 1 of 1 | All times are UTC + 2 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |