HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
It is currently 22 Jun 2014 09:52

All times are UTC + 2 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
PostPosted: 12 Feb 2008 19:07 
Offline

Joined: 12 Feb 2008 19:03
Posts: 3
According to connectiontobrowser.cpp only ports 443 and 563 can be CONNECTed to. That is somewhat limiting.

Is there any reason the whitelist couldn't override that? I need to have certain machines use the http proxy to rsync some data around and they will be CONNECTing to a host in the whitelist on port 873. site.com:873 would be in the whitelist.

Even an havp.conf setting for which ports are allowed seems reasonable.


Top
 Profile  
 
 Post subject:
PostPosted: 12 Feb 2008 19:38 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
If you need such fine grade ACLs please use Squid in front. HAVP is not even intended for passing SSL traffic or any unnecessary traffic for that matter, all that uses up child processes.

(Ports will be more relaxed in next version)


Top
 Profile  
 
 Post subject:
PostPosted: 12 Feb 2008 20:34 
Offline

Joined: 12 Feb 2008 19:03
Posts: 3
Running squid in front created different problems. HAVP doesn't support underscores in hostnames. It also doesn't process ftp:// urls as well as squid.

havp ended up in front of squid to make some of those problems go away.


Top
 Profile  
 
 Post subject:
PostPosted: 12 Feb 2008 20:44 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
andrew wrote:
HAVP doesn't support underscores in hostnames.


HAVP doesn't care about that.


Quote:
It also doesn't process ftp:// urls as well as squid.


Ofcourse as there is no ftp support. You should use the recommended sandwich configuration.


Top
 Profile  
 
 Post subject:
PostPosted: 12 Feb 2008 21:12 
Offline

Joined: 12 Feb 2008 19:03
Posts: 3
hege wrote:
andrew wrote:
HAVP doesn't support underscores in hostnames.


HAVP doesn't care about that.


That's funny. Simply switching the program order (HAVP forwarding to squid instead of squid forwarding to HAVP) fixed the problem. That tends to point to HAVP.

Quote:
It also doesn't process ftp:// urls as well as squid.


Ofcourse as there is no ftp support. You should use the recommended sandwich configuration.[/quote]

Sounds good. I'm finding those things out the hard way which is fine. I tend to learn things better that way.

Either way- the arbitrary 443 and 563 CONNECT limitation isn't documented anywhere and presented a problem for me. Hence my post in the "wishes" forum.


Top
 Profile  
 
 Post subject:
PostPosted: 12 Feb 2008 21:18 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
andrew wrote:
That's funny. Simply switching the program order (HAVP forwarding to squid instead of squid forwarding to HAVP) fixed the problem. That tends to point to HAVP.


HAVP uses gethostbyname() so it's up to your OS system library to allow it or not. Maybe adding "options no-check-names" to resolv.conf will fix it.

You do know that underscores are not very legal in hostnames? :)


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 0 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group