HAVP without Squid. Does not block anything
-
What in /tmp/rules.debug section
# havp proxy ifaces redirect
-
Thanks for the quick response. Here's the relevant section from /tmp/rules.debug:
# havp proxy ifaces redirect rdr on em1 proto tcp from any to !(em1) port 80 -> lo0 port 3125 rdr on em1 proto tcp from any to (em1) port 3125 -> lo0 port 3125 rdr on em3 proto tcp from any to !(em3) port 80 -> lo0 port 3125 rdr on em3 proto tcp from any to (em3) port 3125 -> lo0 port 3125
There is also this related section:
# havp proxy ifaces rules pass in quick on em1 proto tcp from any to !(em1) port 80 flags S/SA keep state pass in quick on em3 proto tcp from any to !(em3) port 80 flags S/SA keep state
What in /tmp/rules.debug section
# havp proxy ifaces redirect
-
Hm.. all right.
If you interfaces not bridged - must work.File /var/log/havp/access.log contains last clients requests. Check pls what content in this file.
-
The access.log file is empty. I tried loading a few pages in my browser including the eicar page and initiated a download of the eicar after clearing my browser cache. Went back and looked at the access.log. Still Nothing.
Please let me know where to look next.
Thanks.
Hm.. all right.
If you interfaces not bridged - must work.File /var/log/havp/access.log contains last clients requests. Check pls what content in this file.
-
Pls setup proxy settings in you browser and test howto work this.
-
I have tried everything I can think of -
1. Uninstalled and reinstalled havp from the UI.
2. Used pkg_delete to delete havp, clamav and arj.
3. Reinstalled havp using pkg_add using the following -
```
pkg_add -r havp http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/havp.tbzThis appears to install newer versions of havp, clamav and arj; however, I don't see any way to configure this using the PFSense UI. No idea what is involved in configuring this manually. 4\. Reinstalled the havp from the pfsense package manager. 5\. Changed the Proxy mode to "Standard". Set the port to "8080". On my PC, I set the proxy settings in Internet Explorer to the IP address of pfsense and port 8080\. Can't access the internet at all with this proxy setting. However, nothing gets logged in either /var/log/havp/access.log or /var/log/havp/havp.log What am I doing wrong? I would really like to get this working. Thanks.
-
Oddly I have always been able to download those files on my setup and nothing ever gets logged to the files in /var/log/havp but I know it does some good as I find quite a few of this type of message on the syslog server.
havp[49826]: 172.31.225.226 GET 301 http://www.themoscowtimes.com/news/article/police-upgrade-web-site-ahead-of-reforms/431422.html 901+28129 VIRUS Clamd: Exploit.JS.CVE-2006-1359
PLEASE DO NOT CHECK THAT URL UNLESS YOUR ANTI-VIRUS IS UP TO DATE.
-
hi, just following up if this was resolved…
I just reinstalled pfsense (on a new box) and have run into the same exact situation.
any hints or pointers are much appreciated.
-
just blew the box away and installed 2.0 RC1 and seeing the same behavior in this.
-
weird but rebooting the system after seems to make it work - maybe i just needed to 'rehash' from ssh…