Havp package with trasparent squid proxy

hdavy2002

Hi all,

I have a dell Poweredge with 2gh Dual core and 4 gb ram. I have 60 gb on raid 0 (config's are backed up)

I have Squid in transparent proxy more. It is running great. I decided to install the Antivirus: HTTP proxy (havp + clamav) package.

I configured as the snips says. My squid proxxy is 3218 and antivirus is 3219. The services for AV is up. I went to http://www.eicar.org/anti_virus_test_file.htm and tried to download a test file and it just downloaded it. I thought the havp would block it. Am I missing something.

dvserg

Transparent maybe only one proxy. If squid is transparent - havp ignored transparent option and work as standard proxy.

hdavy2002

Done as suggested. Still no luck. I can still download the virus file. Do I need to change the port to the squid port? that is 3218. I tried to redirect the browser to the proxy ip address:port and it worked.

since I do not want to go an configure all the browsers ( I cannot do this via GP as I have a software which uses local admin right and the GP never updates on them, still working on it)

IS there any other way this can be achieved using transparent squid? pfsense is really stuff. I am really happy with it.

dvserg

http://doc.pfsense.org/index.php/HAVP_Package_for_HTTP_Anti-Virus_Scanning

tester_02

I played with this package a few months ago and did not have luck with it.
Tried it again after reading this post. (dvserg's point to doc post).

It works great transparent off on squid, on on hvap.

Did a proxy test and found hvap, and did an ecar test and hvap blocked the page.  It did let the download go though though (client antivirus got it), so I know I have a bit more to play with the file setting….

What I did not get to work was hvap + squid + squidguard.  When hvap is off, and I just use squid+squidguard everything works.  If I turn transparent off in sqid and turn on hvap in transparent, I see that hvap is found as the proxy and I can browse.  The problem is that there is no blocking via squidguard.  Any way to enable squid + sqidguard?

General question, how do I tell if squid is even working behind hvap?  Maybe hvap is doing the proxy, but bypassing squid altogether?

ColdFusion

I have squid,havp,squidguard installed. The only way it works for me quite well is:

Squid transparent off
Havp transparent on
Havp parent proxy field (lan ip:squid port) ex. 192.168.0.1:3128
Havp forwarded ip checked
Squid Disable X-Forward unchecked
                  Disable VIA unchecked

Squid, Squidguard, Havp works perfectly now.

John

tester_02

Thanks Coldfusion!  That did the trick…  I was missing the parent proxy field...

Now I have hvap+squd+squidguard working great under transparent!

I even got hvap to block the ecair test virus, and it's even blocking the ads again.

What a nice system!!!!!

Congrats to dvserg for getting it to work!

ColdFusion

Great..some of the things you might see in the logs sometimes is "can't send header or body to browser and also server number low spawning new..You can still increase the min/max servernumber in havp.inc…......I guess a still a WIP, but even with that it still works everytime.