HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

Configure optimal havp settings
http://havp.hege.li/forum/viewtopic.php?f=3&t=521

Author:  ccc [ 31 Jan 2010 13:15 ]
Post subject:  Configure optimal havp settings

Hi

We're using proxy squid 2.6.STABLE5 (NOT transparent) for about 150 WIN2000 SP4 clients.
I've configured squid-havp-clamav and it seems to work.

Can someone please check my configuration?
I'm still not sure about the havp ports.

I've added the following lines to /etc/squid/squid.conf:
Code:
# HAVP

# This is SQUID2 port
# havp.config has PARENTPROXY localhost, PARENTPORT 8088
http_port 127.0.0.1:8088

# Define acl for HAVP port (the port HAVP connects to, SQUID2)
acl FROM_HAVP myport 8088

# You probably don't care to log duplicate requests coming in from HAVP
log_access deny FROM_HAVP

# HAVP on localhost port 8090
cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default

# Needed if we want to go directly to SQUID2 without HAVP
cache_peer 127.0.0.1 parent 8088 0 name=squid2 proxy-only no-query no-digest no-netdb-exchange

# This makes sure ALL requests are sent to parent peers when needed
prefer_direct off
nonhierarchical_direct off

# HTTPS traffic scanning not needed
# (squid2 skipped too, since it can't be cached)
acl HTTPS method CONNECT
always_direct allow HTTPS

# Always force use of HAVP or Squid2 parent
never_direct allow !FROM_HAVP

# It's easier to create whitelists here than in HAVP
# Also, if there is a bug in HAVP, whitelisting there might not work
acl NOSCAN dstdomain trusted.site.net

cache_peer_access havp deny FROM_HAVP
#cache_peer_access havp deny HTTPS
cache_peer_access havp deny NOSCAN
acl chunked dstdomain
cache_peer_access havp allow all
cache_peer_access squid2 deny FROM_HAVP
cache_peer_access squid2 allow all


and my /etc/havp/havp.config:
Code:
USER havp
GROUP havp

DAEMON true

PIDFILE /var/run/havp/havp.pid

SERVERNUMBER 25

ACCESSLOG /var/log/havp/access.log
ERRORLOG /var/log/havp/havp.log

LOG_OKS false

LOGLEVEL 0

SCANTEMPFILE /var/spool/havp/havp-XXXXXX

DBRELOAD 60 

TRANSPARENT false


PARENTPROXY localhost
PARENTPORT 8088


PORT 8090


TEMPLATEPATH /etc/havp/templates/en

WHITELISTFIRST true

WHITELIST /etc/havp/whitelist

SCANNERTIMEOUT 10

RANGE false

SCANIMAGES true

MAXSCANSIZE 8000000

KEEPBACKBUFFER 200000

TRICKLING 30

STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS

STREAMSCANSIZE 20000

ENABLECLAMLIB true

CLAMDBDIR /var/lib/clamav

ENABLECLAMD false

ENABLEFPROT false

ENABLEAVG false

ENABLEAVESERVER false

ENABLESOPHIE false

ENABLETROPHIE false

ENABLENOD32 false

ENABLEAVAST false

ENABLEARCAVIR false

ENABLEDRWEB false
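
An added example, not part of the original post or of HAVP: a Python check of the port wiring the post asks about, confirming that Squid's `havp` cache_peer points at HAVP's PORT and that HAVP's PARENTPORT is a Squid http_port matched by the FROM_HAVP acl. The embedded excerpts are constructed from the port-related lines of the two files above, and the function names are hypothetical.

```python
# Constructed excerpts: only the port-related lines of the two files in the post.
SQUID_CONF = """\
http_port 127.0.0.1:8088
acl FROM_HAVP myport 8088
cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default
"""
HAVP_CONFIG = """\
PARENTPROXY localhost
PARENTPORT 8088
PORT 8090
"""

def parse_squid(text):
    """Collect http_port ports, myport ACLs and cache_peer ports keyed by name=."""
    info = {"http_ports": set(), "myport": {}, "peers": {}}
    for line in text.splitlines():
        tok = line.split("#", 1)[0].split() or [""]
        if tok[0] == "http_port" and len(tok) > 1:
            info["http_ports"].add(int(tok[1].rsplit(":", 1)[-1]))
        elif tok[0] == "acl" and len(tok) > 3 and tok[2] == "myport":
            info["myport"][tok[1]] = {int(p) for p in tok[3:]}
        elif tok[0] == "cache_peer" and len(tok) > 3:
            name = next((t[5:] for t in tok if t.startswith("name=")), tok[1])
            info["peers"][name] = int(tok[3])
    return info

def parse_havp(text):
    """havp.config holds one 'KEY value' pair per line; '#' starts a comment."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            cfg[parts[0]] = parts[1].strip()
    return cfg

def check_ports(squid_text, havp_text, havp_peer="havp", loop_acl="FROM_HAVP"):
    """Return the mismatches found in the Squid -> HAVP -> Squid port chain."""
    sq, hv = parse_squid(squid_text), parse_havp(havp_text)
    port, parent = int(hv["PORT"]), int(hv["PARENTPORT"])
    checks = [
        (sq["peers"].get(havp_peer) == port, f"cache_peer {havp_peer} is not on HAVP PORT {port}"),
        (parent in sq["http_ports"], f"no http_port listens on PARENTPORT {parent}"),
        (parent in sq["myport"].get(loop_acl, set()), f"acl {loop_acl} misses port {parent}"),
        (port not in sq["http_ports"], f"HAVP PORT {port} collides with a Squid http_port"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(check_ports(SQUID_CONF, HAVP_CONFIG) or "port chain is consistent")
```

An empty result means requests that HAVP hands back to Squid arrive on the port the FROM_HAVP acl exempts from `never_direct`, so they are not looped back through the scanner.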

All times are UTC + 2 hours [ DST ]