HTTP Anti-Virus Proxy
http://havp.hege.li/forum/

DNS Reverse lookup before checking blacklist/whitelist
http://havp.hege.li/forum/viewtopic.php?f=4&t=401
Page 1 of 1

Author:  lordzik [ 01 Dec 2008 19:19 ]
Post subject:  DNS Reverse lookup before checking blacklist/whitelist

Hello,
HAVP is a really great proxy with antivirus support, but there's one feature I miss. If I add a domain name/URL to the blacklist, a user can still access that site using its IP address. Can HAVP do a reverse lookup on a requested IP address and then compare the real domain name with the whitelist/blacklist?
Now, if I add *.google.com/* to the blacklist, a user can still access the site if he puts 74.125.45.100 into his browser address bar.

Best regards!

Author:  hege [ 01 Dec 2008 19:34 ]
Post subject:  Re: DNS Reverse lookup before checking blacklist/whitelist

No lookups are done, it's like it's requested..

If you need better ACLs, you need to use Squid in front of HAVP.

Author:  lordzik [ 01 Dec 2008 19:36 ]
Post subject:  Re: DNS Reverse lookup before checking blacklist/whitelist

hege wrote:
No lookups are done, it's like it's requested..

If you need better ACLs, you need to use Squid in front of HAVP.

Thank you for the response. I know that no lookups are being made... I'm asking if it is possible to add this feature in the next version ;)
My little wish for golden fish.

Author:  hege [ 01 Dec 2008 19:47 ]
Post subject:  Re: DNS Reverse lookup before checking blacklist/whitelist

Well yeah, but soon it will be exactly like Squid (but less efficient unless lots of effort is made). And there are no developers to duplicate the code anyway. ;)

I think the only priority is to make ICAP support in HAVP, so you can use it easily with Squid without parent hacks.

Author:  lordzik [ 02 Dec 2008 10:57 ]
Post subject:  Re: DNS Reverse lookup before checking blacklist/whitelist

hege wrote:
Well yeah, but soon it will be exactly like Squid (but less efficient unless lots of effort is made). And there are no developers to duplicate the code anyway. ;)

I think the only priority is to make ICAP support in HAVP, so you can use it easily with Squid without parent hacks.


Well, I think it's better than Squid (the latest Squid 3.0 STABLE10 for some reason simply stops working after a few hours... ;) I had to use the latest 2.7).
The only reason I have to use Squid is that I can't find a good HAVP log analyzer - something like sarg or lightsquid (best!). Is there anything you can recommend? If I had a log analyzer for HAVP I would simply wipe out Squid :) That's why I would really like to have a DNS reverse lookup before the blacklist/whitelist check. Is it really such a troublesome feature to make? I imagine it's only needed to check whether the option use_reverse_dns_lookup (or something like that) is set to yes and then do a DNS lookup before the blacklist check. OR at least allow IP net/netmask records in the blacklist/whitelist ;)

Please please please... ;) Students are smart beasts, and if one of them finds a way to bypass our blacklist then this knowledge will spread soon ;/

Regards.
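
An added example (not HAVP's code; the net/netmask entry syntax and the option name are assumptions) of the check lordzik describes above: match the request as-is, and for an IP-literal host also try net/netmask entries and a reverse lookup before letting it through. The PTR table is constructed so the example runs offline.

```python
import fnmatch
import ipaddress
import socket

# Constructed blacklist: HAVP-style wildcard entries plus the IP net/netmask
# form proposed in the thread (CIDR syntax is an assumption, not HAVP's).
BLACKLIST = ["*.google.com/*", "74.125.0.0/16"]

# Constructed PTR table standing in for real reverse DNS (offline stand-in).
FAKE_PTR = {"74.125.45.100": "www.google.com",
            "198.51.100.7": "cdn-node-7.example.net"}


def parse_blacklist(entries):
    """Split entries into hostname/URL wildcard patterns and IP networks."""
    patterns, networks = [], []
    for entry in entries:
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:            # not a network -> treat as a URL pattern
            patterns.append(entry.lower())
    return patterns, networks


def reverse_lookup_live(ip):
    """Real PTR lookup for deployment use; the test uses FAKE_PTR instead."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def check_request(host, path, patterns, networks, reverse_lookup=FAKE_PTR.get):
    """Return (blocked, reason) for a request to http://host/path."""
    host = host.lower()
    for pat in patterns:                      # 1. plain match, as HAVP does today
        if fnmatch.fnmatchcase(host + path, pat):
            return True, f"url matches {pat}"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False, "hostname not listed"  # a name that matched no pattern
    for net in networks:                      # 2. IP literal: net/netmask entries
        if addr in net:
            return True, f"ip in {net}"
    name = reverse_lookup(host)               # 3. IP literal: PTR, then re-match
    if name:
        for pat in patterns:
            if fnmatch.fnmatchcase(name.lower() + path, pat):
                return True, f"ptr {name} matches {pat}"
    return False, "ip not listed and PTR matched nothing"
```

PTR records are set by whoever controls the address block and frequently do not match the forward name, so step 3 is best-effort and the net/netmask entries are the dependable part of the check.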

Author:  hege [ 02 Dec 2008 11:11 ]
Post subject:  Re: DNS Reverse lookup before checking blacklist/whitelist

Squid is by no means perfect, but at least 2.6 is rock stable. We just have to wait until 3.1 with proper ICAP support (and HTTP/1.1 fixes) is stable as well.

What you don't realize is how much more efficient and better HTTP-compliant Squid is. HAVP is quickly put together, and is never recommended to be used stand-alone for larger setups. It's a scanner, not a full-blown proxy or content/blacklist filter. It requires much more effort to achieve those.

And yes, it's not as simple as it sounds. I personally don't have time to implement features which I don't see any use for. Patches are welcome..

PS. I don't remember if there are any HAVP analyzers..
