HTTP Anti-Virus Proxy

Official HAVP Support Forum
Registration disabled, I'm tired of spambots. E-mail havp@hege.li if you have questions.
HAVP project is pretty much frozen/abandoned at this time anyway.
It is currently 22 Jun 2014 09:52

All times are UTC + 2 hours [ DST ]




Post new topic Reply to topic  [ 18 posts ]  Go to page 1, 2  Next
Author Message
PostPosted: 10 Dec 2008 09:00 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
09/12/2008 08:49:56 (192.168.77.77) Could not send header to browser
09/12/2008 08:49:56 (192.168.77.77) Could not send header to browser
09/12/2008 09:06:19 (192.168.77.77) Could not send header to browser
09/12/2008 11:16:43 (192.168.77.77) Could not read browser body
09/12/2008 13:51:19 (192.168.77.77) Could not send header to browser
09/12/2008 13:52:10 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
09/12/2008 13:53:05 (192.168.77.77) Could not send header to browser
09/12/2008 16:01:03 (192.168.77.77) Could not send header to browser
09/12/2008 16:55:58 (192.168.77.77) Could not send header to browser
10/12/2008 12:35:32 (192.168.77.77) Could not send header to browser
10/12/2008 12:35:54 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
10/12/2008 12:40:33 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
10/12/2008 12:40:33 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
10/12/2008 12:40:44 (192.168.77.77) Could not send header to browser
10/12/2008 12:41:04 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
10/12/2008 12:45:33 (192.168.77.77) Could not send header to browser
10/12/2008 12:46:02 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
10/12/2008 12:50:05 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
10/12/2008 12:50:19 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)
10/12/2008 12:50:19 (192.168.222.100) Could not read server header (192.168.77.77/mail.pulse.com.au:80)


what's wrong ?


Last edited by badm4n on 19 Feb 2009 09:02, edited 1 time in total.

Top
 Profile  
 
PostPosted: 10 Dec 2008 11:22 
Offline
HAVP Developer

Joined: 27 Feb 2006 18:12
Posts: 687
Location: Finland
Read FAQ.

viewtopic.php?f=2&t=4

Reduce LOGLEVEL.


Top
 Profile  
 
PostPosted: 10 Dec 2008 11:30 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
yes i know

i use false 1

i set full log because that website
already whitelisted ( because same reason ) but still can accessed

"parentproxy" down
but when i bypass ( direct / disable havp only ) to my proxy it's have zero problem


Top
 Profile  
 
PostPosted: 17 Dec 2008 07:13 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
any solution ?
http://my.blog.or.id/v2/10122008/1-serv ... -squid-27/


Top
 Profile  
 
PostPosted: 16 Feb 2009 14:28 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
any answer ?


it's look like the whitelist not work


Top
 Profile  
 
PostPosted: 18 Feb 2009 11:49 
Offline

Joined: 23 Apr 2008 09:36
Posts: 101
What's your problem? You open more then one thread about one problem, give no response about my suggestions. To this day, i don't know about your squid version.
How can anybody help you? What dou you expect?

Help was offered to you. See faq's. Still, there is any problem in your squid configuration and no log messages to this day ...

Please forgive me, but people spend time to help you, but no cooperation ..

Edit :arrow: found squid version in your blog


Top
 Profile  
 
PostPosted: 18 Feb 2009 12:42 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
karesmakro wrote:
What's your problem? You open more then one thread about one problem, give no response about my suggestions. To this day, i don't know about your squid version.
How can anybody help you? What dou you expect?

Help was offered to you. See faq's. Still, there is any problem in your squid configuration and no log messages to this day ...

Please forgive me, but people spend time to help you, but no cooperation ..

Edit :arrow: found squid version in your blog



sorry
about 2 topic it's actually viewtopic.php?f=3&t=404
i have problem
some site i put on whitelist but havp still do scan on the site

at viewtopic.php?f=3&t=403
i wrote that is log from error log

any solution ?


Top
 Profile  
 
PostPosted: 18 Feb 2009 12:53 
Offline

Joined: 23 Apr 2008 09:36
Posts: 101
As far as i know, whitelisted entries are not scanned but have an entry in messages and should be ignored. If you don't want, that the traffic of your exception site goes through havp, you have to make a proxy exception in squid by direct access.

At point 2 of your question: is it possible, that you use only one nic for incoming and outgoing traffic?

And which versions of havp and clamav are you actually using?

greetings :wink:


Top
 Profile  
 
PostPosted: 18 Feb 2009 12:58 
Offline

Joined: 23 Apr 2008 09:36
Posts: 101
I saw your havp configuration a second time and recommend you, to
change parent proxy to 127.0.0.1, if squid is on the same machine.
I remember of some problems, if you're using nic ip adress ...

and why you are using 2 cache peer addresses?

Perhaps this solves your problem ... ?


Top
 Profile  
 
PostPosted: 18 Feb 2009 13:15 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
which versions of havp and clamav are you actually using?
HAVP Version: 0.89
(squid/2.7.STABLE3)


root@castor:/etc/sysconfig/htb# tail -f /var/log/havp/error.log
18/02/2009 17:13:08 === Starting HAVP Version: 0.89
18/02/2009 17:13:08 Running as user: havp, group: havp
18/02/2009 17:13:08 Use parent proxy: 127.0.0.1:2012
18/02/2009 17:13:08 Use transparent proxy mode
18/02/2009 17:13:08 --- Initializing ClamAV Library Scanner
18/02/2009 17:13:08 ClamAV: Using database directory: /usr/local/share/clamav
18/02/2009 17:13:09 ClamAV: Loaded 511059 signatures (engine 0.94.2)
18/02/2009 17:13:09 ClamAV Library Scanner passed EICAR virus test (Eicar-Test-Signature)
18/02/2009 17:13:09 --- All scanners initialized
18/02/2009 17:13:09 Process ID: 31573

Whitelist working

Browser (User-Agent) Exposed Headers Values
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Accept-Encoding: gzip,deflate
Connection: keep-alive
Cache-Control: max-age=0
X-Forwarded-For: 192.168.222.222, 127.0.0.1
Via: 1.0 HAVP, 1.0 castor.gpi-g.com:80 (squid/2.7.STABLE3)

the parent proxy changed to 127.0.0.1
and HAVP still running



Perhaps this solves your problem ... ? : YES... Thank you verymuch

so the point of my problem is comming from parent proxy address ?


Top
 Profile  
 
PostPosted: 18 Feb 2009 13:29 
Offline

Joined: 23 Apr 2008 09:36
Posts: 101
Yes. As i remember, i had the same problem long time ago ...
I'm happy, i could help you!

Can you please change subject to solved?

greetings, Kare :wink:


Top
 Profile  
 
PostPosted: 19 Feb 2009 09:07 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
karesmakro wrote:
Yes. As i remember, i had the same problem long time ago ...
I'm happy, i could help you!

Can you please change subject to solved?

greetings, Kare :wink:



yes

hmmmm

oot : kare : you told me that you has same problem... is you running havp and squid in 1 server too ?


Top
 Profile  
 
PostPosted: 19 Feb 2009 11:08 
Offline

Joined: 23 Apr 2008 09:36
Posts: 101
That's right. I've one debian server with squid - havp -clamv and one IPCop in front of my debian server with clamav + havp too. The one on my debian server is for experimental and to prepare configuration for companies.
Why this question?

greetings, Kare :wink:


Top
 Profile  
 
PostPosted: 19 Feb 2009 13:25 
Offline

Joined: 25 Nov 2008 10:58
Posts: 24
karesmakro wrote:
That's right. I've one debian server with squid - havp -clamv and one IPCop in front of my debian server with clamav + havp too. The one on my debian server is for experimental and to prepare configuration for companies.
Why this question?

greetings, Kare :wink:


maybe you can share your config

squid and havp ?
and rc.local maybe ?


Top
 Profile  
 
PostPosted: 19 Feb 2009 14:06 
Offline

Joined: 23 Apr 2008 09:36
Posts: 101
Which configuration do you want? I have one with havp and squid configured as a sandwich (which decreases a little bit the performance) and was described in a thread of me where you asked for havp config:
http://havp.hege.li/forum/viewtopic.php?f=3&t=399 (next to last thread)
or you wanna configuration like havp -> squid, which is simplier to configure.

I can't post the whole squid configuration, because there are much of acl's and ncsa authentication.

This one is an example, to configure squid -> havp

squid.conf
Code:
acl traffic_all src 0.0.0.0/0.0.0.0
acl Scan_HTTP proto HTTP
acl Scan_FTP proto FTP

acl NOSCAN dstdomain www.domain_not_to_scan.de
always_direct allow NOSCAN

cache_peer 127.0.0.1 parent 8080 0 no-query no-digest no-netdb-exchange default
cache_peer_access 127.0.0.1 allow traffic_all

always_direct allow Scan_FTP
never_direct allow Scan_HTTP

and in havp.config
Code:
Port 8080
without any parent proxy entry

Hint: do not copy and paste, this is squid configuration from older release! Configuration should be similar, like configuration in the link above. If you decide to want this configuration, let me know and i look at my server to find the correct configuration about squid 2.7!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 18 posts ]  Go to page 1, 2  Next

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: Google [Bot], Yahoo [Bot] and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group