HTTP Anti-Virus Proxy http://havp.hege.li/forum/ |
Configure optimal havp settings http://havp.hege.li/forum/viewtopic.php?f=3&t=521 |
Page 1 of 1 |
Author: | ccc [ 31 Jan 2010 13:15 ] |
Post subject: | Configure optimal havp settings |
hi

We're using proxy squid 2.6.STABLE5 (NOT transparent) for about 150 WIN2000 SP4 clients. I've configured squid-havp-clamav and it seems to work. Can someone pls check my configuration? I'm still not sure about havp ports.

I've added the following lines to /etc/squid/squid.conf:

Code:
    # HAVP
    # This is SQUID2 port
    # havp.config has PARENTHOST 127.0.0.1, PARENTPORT 8088
    http_port 127.0.0.1:8088

    # Define acl for HAVP port (the port HAVP connects to, SQUID2)
    acl FROM_HAVP myport 8088

    # You probably don't care to log duplicate requests coming in from HAVP
    log_access deny FROM_HAVP

    # HAVP on localhost port 8090
    cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query no-digest no-netdb-exchange default

    # Needed if we want to go directly to SQUID2 without HAVP
    cache_peer 127.0.0.1 parent 8088 0 name=squid2 proxy-only no-query no-digest no-netdb-exchange

    # This makes sure ALL requests are sent to parent peers when needed
    prefer_direct off
    nonhierarchical_direct off

    # HTTPS traffic scanning not needed
    # (squid2 skipped too, since it can't be cached)
    acl HTTPS method CONNECT
    always_direct allow HTTPS

    # Always force use of HAVP or Squid2 parent
    never_direct allow !FROM_HAVP

    # It's easier to create whitelists here than in HAVP
    # Also, if there is a bug in HAVP, whitelisting there might not work
    acl NOSCAN dstdomain trusted.site.net

    cache_peer_access havp deny FROM_HAVP
    #cache_peer_access havp deny HTTPS
    cache_peer_access havp deny NOSCAN
    acl chunked dstdomain
    cache_peer_access havp allow all

    cache_peer_access squid2 deny FROM_HAVP
    cache_peer_access squid2 allow all

and my /etc/havp/havp.config:

Code:
    USER havp
    GROUP havp
    DAEMON true
    PIDFILE /var/run/havp/havp.pid
    SERVERNUMBER 25
    ACCESSLOG /var/log/havp/access.log
    ERRORLOG /var/log/havp/havp.log
    LOG_OKS false
    LOGLEVEL 0
    SCANTEMPFILE /var/spool/havp/havp-XXXXXX
    DBRELOAD 60
    TRANSPARENT false
    PARENTPROXY localhost
    PARENTPORT 8088
    PORT 8090
    TEMPLATEPATH /etc/havp/templates/en
    WHITELISTFIRST true
    WHITELIST /etc/havp/whitelist
    SCANNERTIMEOUT 10
    RANGE false
    SCANIMAGES true
    MAXSCANSIZE 8000000
    KEEPBACKBUFFER 200000
    TRICKLING 30
    STREAMUSERAGENT Player Winamp iTunes QuickTime Audio RMA/ MAD/ Foobar2000 XMMS
    STREAMSCANSIZE 20000
    ENABLECLAMLIB true
    CLAMDBDIR /var/lib/clamav
    ENABLECLAMD false
    ENABLEFPROT false
    ENABLEAVG false
    ENABLEAVESERVER false
    ENABLESOPHIE false
    ENABLETROPHIE false
    ENABLENOD32 false
    ENABLEAVAST false
    ENABLEARCAVIR false
    ENABLEDRWEB false
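
Added example (not part of the original post, and not code from the HAVP project): a small cross-check of the port wiring between the two files above, so that no request can reach the cache without passing the scanner because a port was mistyped. The peer names havp and squid2 and the ACL name FROM_HAVP are taken from the post; the function names are hypothetical and the embedded excerpts are constructed from the post's port-related lines.

```python
# Constructed excerpts: only the port-related lines from the post's two files.
SQUID_CONF = """\
http_port 127.0.0.1:8088
acl FROM_HAVP myport 8088
cache_peer 127.0.0.1 parent 8090 0 name=havp proxy-only no-query default
cache_peer 127.0.0.1 parent 8088 0 name=squid2 proxy-only no-query
"""
HAVP_CONF = """\
PARENTPROXY localhost
PARENTPORT 8088
PORT 8090
"""

def parse_squid(text):
    """Collect http_port listeners, myport ACLs and cache_peer ports by name."""
    ports, myport, peers = set(), {}, {}
    for line in text.splitlines():
        tok = line.split('#', 1)[0].split() or ['']
        if tok[0] == 'http_port' and len(tok) > 1:
            ports.add(int(tok[1].rsplit(':', 1)[-1]))   # "addr:port" or "port"
        elif tok[0] == 'acl' and len(tok) > 3 and tok[2] == 'myport':
            myport.setdefault(tok[1], set()).update(int(p) for p in tok[3:])
        elif tok[0] == 'cache_peer' and len(tok) > 3:
            name = next((t[5:] for t in tok if t.startswith('name=')), tok[1])
            peers[name] = int(tok[3])                   # third argument = HTTP port
    return ports, myport, peers

def parse_havp(text):
    """HAVP config is 'KEY value' per line; '#' starts a comment."""
    rows = (l.split('#', 1)[0].split(None, 1) for l in text.splitlines())
    return {r[0]: r[1].strip() for r in rows if len(r) == 2}

def check_ports(squid_text, havp_text):
    """Return port-wiring problems for the Squid -> HAVP -> Squid chain."""
    ports, myport, peers = parse_squid(squid_text)
    havp = parse_havp(havp_text)
    listen, parent = int(havp.get('PORT', 0)), int(havp.get('PARENTPORT', 0))
    checks = [
        (peers.get('havp') == listen, f"cache_peer havp != HAVP PORT {listen}"),
        (parent in ports, f"PARENTPORT {parent} is not a Squid http_port"),
        (parent in myport.get('FROM_HAVP', ()), f"acl FROM_HAVP misses port {parent}"),
        (peers.get('squid2') == parent, f"cache_peer squid2 != PARENTPORT {parent}"),
        (listen not in ports, f"HAVP PORT {listen} collides with a Squid http_port"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":
    print(check_ports(SQUID_CONF, HAVP_CONF) or "port wiring is consistent")
```

To check a live system, pass the contents of /etc/squid/squid.conf and /etc/havp/havp.config to check_ports() instead of the embedded excerpts.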
All times are UTC + 2 hours [ DST ]