HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

better CONNECT options- HAVP is useless for me right now.
http://havp.hege.li/forum/viewtopic.php?f=4&t=335

Author:  andrew [ 12 Feb 2008 19:07 ]
Post subject:  better CONNECT options- HAVP is useless for me right now.

According to connectiontobrowser.cpp only ports 443 and 563 can be CONNECTed to. That is somewhat limiting.

Is there any reason the whitelist couldn't override that? I need to have certain machines use the http proxy to rsync some data around and they will be CONNECTing to a host in the whitelist on port 873. site.com:873 would be in the whitelist.

Even an havp.conf setting for which ports are allowed seems reasonable.
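
The policy requested in the post above (a default CONNECT port list, with a whitelist entry such as site.com:873 overriding it) as an added C++ example. It is not HAVP's code and not taken from connectiontobrowser.cpp; `ConnectPolicy`, `parse_authority`, `connect_allowed` and `sample_policy` are hypothetical names.

```cpp
// Added example, not HAVP source: check a CONNECT target against a default
// port list plus exact host:port overrides. All names are hypothetical.
#include <cctype>
#include <cstdlib>
#include <set>
#include <string>

struct ConnectPolicy {
    std::set<int> default_ports;           // ports any host may CONNECT to
    std::set<std::string> host_overrides;  // exact "host:port", lower-case
};

// Split the CONNECT request-target "host:port"; returns false if malformed.
bool parse_authority(const std::string& target, std::string& host, int& port) {
    std::string::size_type colon = target.rfind(':');
    if (colon == std::string::npos || colon == 0 || colon + 1 >= target.size())
        return false;                       // a port is mandatory for CONNECT
    std::string digits = target.substr(colon + 1);
    if (digits.size() > 5) return false;    // also keeps atoi from overflowing
    for (unsigned char c : digits)
        if (!std::isdigit(c)) return false;
    port = std::atoi(digits.c_str());
    if (port < 1 || port > 65535) return false;
    host = target.substr(0, colon);
    for (char& c : host) {
        unsigned char u = static_cast<unsigned char>(c);
        // Bracketed IPv6 literals, userinfo ('@') and whitespace are rejected.
        if (!(std::isalnum(u) || u == '.' || u == '-' || u == '_')) return false;
        c = static_cast<char>(std::tolower(u));  // hostnames compare case-insensitively
    }
    return true;
}

bool connect_allowed(const ConnectPolicy& p, const std::string& target) {
    std::string host;
    int port = 0;
    if (!parse_authority(target, host, port)) return false;  // fail closed
    if (p.default_ports.count(port)) return true;
    return p.host_overrides.count(host + ":" + std::to_string(port)) > 0;
}

ConnectPolicy sample_policy() {            // constructed sample values
    ConnectPolicy p;
    p.default_ports = {443, 563};          // the two ports named in the post
    p.host_overrides.insert("site.com:873");
    return p;
}
```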

Author:  hege [ 12 Feb 2008 19:38 ]
Post subject: 

If you need such fine grade ACLs, please use Squid in front. HAVP is not even intended for passing SSL traffic or any unnecessary traffic for that matter; all that uses up child processes.

(Ports will be more relaxed in next version)

Author:  andrew [ 12 Feb 2008 20:34 ]
Post subject: 

Running squid in front created different problems. HAVP doesn't support underscores in hostnames. It also doesn't process ftp:// urls as well as squid.

havp ended up in front of squid to make some of those problems go away.

Author:  hege [ 12 Feb 2008 20:44 ]
Post subject: 

andrew wrote:
HAVP doesn't support underscores in hostnames.


HAVP doesn't care about that.


Quote:
It also doesn't process ftp:// urls as well as squid.


Of course, as there is no ftp support. You should use the recommended sandwich configuration.

Author:  andrew [ 12 Feb 2008 21:12 ]
Post subject: 

hege wrote:
andrew wrote:
HAVP doesn't support underscores in hostnames.


HAVP doesn't care about that.


That's funny. Simply switching the program order (HAVP forwarding to squid instead of squid forwarding to HAVP) fixed the problem. That tends to point to HAVP.

Quote:
It also doesn't process ftp:// urls as well as squid.


Of course, as there is no ftp support. You should use the recommended sandwich configuration.

Sounds good. I'm finding those things out the hard way, which is fine. I tend to learn things better that way.

Either way- the arbitrary 443 and 563 CONNECT limitation isn't documented anywhere and presented a problem for me. Hence my post in the "wishes" forum.

Author:  hege [ 12 Feb 2008 21:18 ]
Post subject: 

andrew wrote:
That's funny. Simply switching the program order (HAVP forwarding to squid instead of squid forwarding to HAVP) fixed the problem. That tends to point to HAVP.


HAVP uses gethostbyname() so it's up to your OS system library to allow it or not. Maybe adding "options no-check-names" to resolv.conf will fix it.

You do know that underscores are not very legal in hostnames? :)

All times are UTC + 2 hours [ DST ]