HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.


Board index » HAVP Support » General Support

All times are UTC + 2 hours [ DST ]



Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 
  Print view Previous topic | Next topic 
Author Message
ccc
PostPosted: 31 Jan 2010 13:15 
Offline

Joined: 07 May 2008 22:51
Posts: 17
hi

We're using proxy squid 2.6.STABLE5 (NOT transparent) for about 150 WIN2000 SP4 clients.
I've configured squid-havp-clamav and it seems to work.

Can someone pls check my configuration?
I'm still not sure about havp ports.

I've add in /etc/squid/squid.conf the following lines:
Code:
# HAVP

# This is SQUID2 port
# havp.config has PARENTHOST 127.0.0.1, PARENTPORT 8088
http_port 127.0.0.1:8088

# Define acl for HAVP port (the port HAVP connects to, SQUID2)
acl FROM_HAVP myport 8088

# You probably don't care to log duplicate requests coming in from HAVP
log_access deny FROM_HAVP

# HAVP on localhost port 8090
cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default

# Needed if we want to go directly to SQUID2 without HAVP
cache_peer 127.0.0.1 parent 8088 0 name=squid2 proxy-only no-query no-digest no-netdb-exchange

# This makes sure ALL requests are sent to parent peers when needed
prefer_direct off
nonhierarchical_direct off

# HTTPS traffic scanning not needed
# (squid2 skipped too, since it can't be cached)
acl HTTPS method CONNECT
always_direct allow HTTPS

# Always force use of HAVP or Squid2 parent
never_direct allow !FROM_HAVP

# It's easier to create whitelists here than in HAVP
# Also, if there is a bug in HAVP, whitelisting there might not work
acl NOSCAN dstdomain trusted.site.net

cache_peer_access havp deny FROM_HAVP
#cache_peer_access havp deny HTTPS
cache_peer_access havp deny NOSCAN
acl chunked dstdomain ache_peer_access havp allow all
cache_peer_access squid2 deny FROM_HAVP
cache_peer_access squid2 allow all


and my /etc/havp/havp.config:
Code:
USER havp
GROUP havp

DAEMON true

PIDFILE /var/run/havp/havp.pid

SERVERNUMBER 25

ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log

LOG_OKS false

LOGLEVEL 0

SCANTEMPFILE /var/spool/havp/havp-XXXXXX

DBRELOAD 60 

TRANSPARENT false


PARENTPROXY localhost
PARENTPORT 8088


PORT 8090


TEMPLATEPATH /etc/havp/templates/en

WHITELISTFIRST true

WHITELIST /etc/havp/whitelist

SCANNERTIMEOUT 10

RANGE false

SCANIMAGES true

MAXSCANSIZE 8000000

KEEPBACKBUFFER 200000

TRICKLING 30

STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS

STREAMSCANSIZE 20000

ENABLECLAMLIB true

CLAMDBDIR /var/lib/clamav

ENABLECLAMD false

ENABLEFPROT false

ENABLEAVG false

ENABLEAVESERVER false

ENABLESOPHIE false

ENABLETROPHIE false

ENABLENOD32 false

ENABLEAVAST false

ENABLEARCAVIR false

ENABLEDRWEB false
Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  Page 1 of 1
  [ 1 post ] 

Board index » HAVP Support » General Support

All times are UTC + 2 hours [ DST ]

Who is online

Users browsing this forum: Google [Bot] and 2 guests

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group