How to configure HAVP
-
Hi all,
i've searched all over the web for this answer, but actually i've not found this!
Can anyone explain me how to configure HAVP to scan http traffic and block download of infected files?
I've installed HAVP and SQUID, it's possible to work HAVP standalone or need a proxy server?Thansk a lot!!!
-
Hi all,
i've searched all over the web for this answer, but actually i've not found this!
Can anyone explain me how to configure HAVP to scan http traffic and block download of infected files?
I've installed HAVP and SQUID, it's possible to work HAVP standalone or need a proxy server?Thansk a lot!!!
HAVP - http antivirus proxy. You must configure havp on LAN iface with proxy port different by squid-port (squid default 3128) And coinfigure client browser to the havp proxy port.
Now havp not supported work via squid (squid > havp > inet) and not supported 'transparent proxy'. But i work with this. -
Ok i will try, but what do you mean with "Now havp not supported work via squid"? Do you mean that HAVP will not block virus downloading or infected pages anyway?
Squid is necessary for HAVP working?Thx for your time!
LiquiD
-
Ok i will try, but what do you mean with "Now havp not supported work via squid"? Do you mean that HAVP will not block virus downloading or infected pages anyway?
Squid is necessary for HAVP working?Thx for your time!
LiquiDAhm :)
HAVP - this is a full proxy. You can use for your users without squid.
Havp block infected content (scripts, downloads & etc ..) -
Thanks a lot, i'm trying now i'll tell if successfull!
Thnx for your time
-
It's working 100%, it's a very good tool. With transparent proxy will be perfect!
Thanks a lot!
bye.
LiquiD -
can havp(squid not installed) be used on several networks/vlans ?
i seem only to be able to choose lan, is that doable?
/F
-
can havp(squid not installed) be used on several networks/vlans ?
i seem only to be able to choose lan, is that doable?
/F
Thanks for good question. I must explore this.
-
Quick questions:
- How long is support for transparent proxy with squid?
- General question, why pfsense do not support or not fully some packages such as HAVP or Dansguardian while others distro such as endian or smoothwall haven't problems to implement theese?
Thanks!
-
- General question, why pfsense do not support or not fully some packages such as HAVP or Dansguardian while others distro such as endian or smoothwall haven't problems to implement theese?
Because they are completely different product with different goals? I think I understand the spirit of the question but it's like asking why orange juice comes from oranges and not apples. It would make as much sense to go to the smoothwall forum and ask why they don't have a freeswitch package or carp support.
Just guessing but I would imagine it is almost certainly down to a matter of priorities and time. The bonus so far is that under pfSense it would seem that anything has been possible … given the time and priority.
-
Quick questions:
…
2) General question, why pfsense do not support or not fully some packages such as HAVP or Dansguardian while others distro such as endian or smoothwall haven't problems to implement theese?The question is who this will do? And why? If you need a package - you can do it himself or ask someone else.
-
Thanks to dvserg and adrianhensler, i've asked just to know, not for criticize! Dansguardian seems a very powerfull tool to block a lot of category of searches and urls (ex. violence hacking etc.)!
Thank you very much!
LiquiD
-
… If you need a package ...
I'm not so expert :(
-
it's like asking why orange juice comes from oranges and not apples
Hahaha … Very sympathetic, i understand perfectly, i'm a C++ and Deplhi programmer, not very expert, but i can understand this kind of situations!!
Thanks a lot!
-
Thanks to dvserg and adrianhensler, i've asked just to know, not for criticize! Dansguardian seems a very powerfull tool to block a lot of category of searches and urls (ex. violence hacking etc.)!
Sorry.
I just wanted to say that there are 2 ways - to do it himself or ask someone else.
pfSense is not commercial project and the developers can not do everything at once.
What you see in the packages do different people at different times for their own needs.
And only then it is added to the packages.
The support package is also being done by those who made their.
Sorry my english :-[ -
Thanks to dvserg and adrianhensler, i've asked just to know, not for criticize! Dansguardian seems a very powerfull tool to block a lot of category of searches and urls (ex. violence hacking etc.)!
Sorry.
I just wanted to say that there are 2 ways - to do it himself or ask someone else.
pfSense is not commercial project and the developers can not do everything at once.
What you see in the packages do different people at different times for their own needs.
And only then it is added to the packages.
The support package is also being done by those who made their.
Sorry my english :-[
[/quote]Yes, yes of course!!!
No, sorry for MY english i'm italian i kown english from school and not very well :D:D:Dthanks a lot!
-
Hello ,
I installed 1.2.2 version and i want to use squid + squidguard + imspector+ havp ..squid and squidguard are working but havp i think is not running i am not sure . ( how to decide this dont know ) .I conf to squid port 8080 and havp port is the same squid port 8080.I read this form this port must diffrent.When i change the proxy port 3128 and havp port 8080 and set the client proxy port to 8080.this time client can't access web .What isthe mistake i did.
Thank you very much.
Ps: I am a new user .
-
Hello ,
I installed 1.2.2 version and i want to use squid + squidguard + imspector+ havp ..squid and squidguard are working but havp i think is not running i am not sure . ( how to decide this dont know ) .I conf to squid port 8080 and havp port is the same squid port 8080.I read this form this port must diffrent.When i change the proxy port 3128 and havp port 8080 and set the client proxy port to 8080.this time client can't access web .What isthe mistake i did.
Thank you very much.
Ps: I am a new user .
You can use HAVP independently - define Interface & free port (different by squid). Configure you clients browser to this interface ip/port
Also for use HAVP with squid (INET -> HAVP -> SQUID -> Client) you must configure HAVP with internal client and configure squid : http://doc.pfsense.org/index.php/Squid_Package_Tuning - 'Parent proxy' part. -
Currently, I have a firewall that can use havp to AV scan things that squid is proxying. It's configured in the way you describe: INET -> HAVP -> SQUID -> Client And, I have squid set up to be a transparent proxy also. Everything seems to be working. Question is, squid can work as an FTP proxy also. But, when I send the ftp request to squid, it gets the files, but it does not seem to be scanning the files. Any ideas how I can make havp scan the files that squid gets through ftp?
Also, is there a way to make squid and/or havp work as an ftp transparent proxy? (I know the last question is a little off topic)
Thanks
-
Squid & HAVP is a http proxy. Maybe ftp over http only will filtered (via browser)?