HTTP Anti-Virus Proxy

Hello,
HAVP is really great proxy with antivirus support but there's one feature i miss. If i add a domain name/url to blacklist, user still can access the that site using it's ip address. Does havp can do reverse lookup on a requested ip address and then compare the real domain name with the whitelist/blacklist?
Now, if i add *.google.com/* to blacklist, user can still access the site if he put 74.125.45.100 into his browser address bar.

Best regards!

No lookups are done, it's like it's requested..

If you need better ACLs, you need to use Squid in front of HAVP.

Thank you for the response. I know that no lookups are being made.. I'm asking if it is possible to add this feature in next version
My little wish for golden fish.

Well yeah, but soon it will be exactly like Squid (but less efficient unless lots of effort is made). And there are no developers to duplicate the code anyway.

I think the only priority is to make ICAP support in HAVP, so you can use it easily with Squid without parent hacks.

Well, i think it's better than squid (latest squid 3.0 STABLE10 for some reasons simply stops working after few hours... i had to use latest 2.7).
The only reason i have to use squid is that i can't find good havp's log analyzer - something like sarg or lightsquid (best!). Is there anything you can recommend? If i have a log analyzer for havp a would simple wipeout squid That's why i would really like to have a DNS reverse lookup before blacklist/whitelist check. Is it really so trouble making feature? I imagine it's only needed to check wheater option use_reverse_dns_lookup (or something like that) is set to yes and then do dns lookup before blacklist check. OR at least allow an ip net/netmask records in blacklist/whitelist

Please please please... Students are smart beasts and if one of them found a way to bypass our blacklist then this knowledge will spread soon ;/

Regards.

Squid is by no means perfect, but atleast 2.6 is rock stable. We just have to wait until 3.1 with proper ICAP support (and HTTP/1.1 fixes) is stable as well.

What you don't realize is how much more efficient and better http-compliant Squid is. HAVP is quickly put together, and is never recommended to be used stand-alone for larger setups. It's scanner, not a full blown proxy or content/blacklist filter. It requires much more effort to achieve those.

And yes, it's not as simple as it sounds. I personally don't have time to implement features which I don't see any use for. Patches are welcome..

PS. I don't remember if there are any HAVP analyzers..