Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid->HAVP->Squid Configuration

    Scheduled Pinned Locked Moved pfSense Packages
    7 Posts 2 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      reshab912
      last edited by

      Can anyone please share Squid->HAVP->Squid Configuration screenshots.

      Thanks.

      1 Reply Last reply Reply Quote 0
      • marcellocM
        marcelloc
        last edited by

        It's in portuguese but you can google translate  it  :)

        http://nextsense.com.br/blog/archives/680

        Treinamentos de Elite: http://sys-squad.com

        Help a community developer! ;D

        1 Reply Last reply Reply Quote 0
        • R
          reshab912
          last edited by

          Marcelloc,

          what i am looking for is squid sandwich configuration i.e.

          {inet} -> Squid -> HAVP -> Squid 2 -> {clients}

          To my understanding the link is about standard HAVP -> Squid config.

          Thanks

          1 Reply Last reply Reply Quote 0
          • marcellocM
            marcelloc
            last edited by

            You mean two squids on the same pfsense?

            Did you tried dansguardian-> squid? Dansguardian has some auth pass through functions as well clamav native support.

            Treinamentos de Elite: http://sys-squad.com

            Help a community developer! ;D

            1 Reply Last reply Reply Quote 0
            • R
              reshab912
              last edited by

              yes thats what i meant 2 squids.

              I have not tried dansguardian.

              so do you mean to test try

              {inet} -> dansguardian -> HAVP -> Squid -> {clients} ??

              2 questions

              1. can we not have 2 squid process on pfsense - as wanted from original post
              2. if we go with above method, where would i be maintaining by ACL's for users?? currently i am using squid for the same.
              1 Reply Last reply Reply Quote 0
              • marcellocM
                marcelloc
                last edited by

                @reshab912:

                so do you mean to test try
                {inet} -> dansguardian -> HAVP -> Squid -> {clients} ??

                I mean
                {inet} -> squid -> dansguardian(with clamav enabled) -> {clients} ??

                @reshab912:

                1. can we not have 2 squid process on pfsense - as wanted from original post

                You can if you create the second config file and edit/create another startup script on /usr/local/etc/rc.d
                Filer package can help you on keeping second config file and startup script on xml backup

                @reshab912:

                1. if we go with above method, where would i be maintaining by ACL's for users?? currently i am using squid for the same.

                I prefer dansguardian acls but you can setup the way you want with user auth. Ip acls will not work on squid as it will have 127.0.0.1 as client ip.

                Did you tried  {inet} -> havp -> squid  -> {clients} ??

                att,
                Marcello Coutinho

                Treinamentos de Elite: http://sys-squad.com

                Help a community developer! ;D

                1 Reply Last reply Reply Quote 0
                • R
                  reshab912
                  last edited by

                  Thanks for your replies

                  Yes, {inet} -> havp -> squid  -> {clients}, works fine as

                  • havp detected virus with eicar.org
                  • squid has entries in both cache and access logs.

                  But with current setup some sites open very slow e.g. youtube - i think this is due to havp. i whitelisted youtube and have good results. That is the reason I was thinking for sandwich config, coz then I dont have to whitelist anything in HAVP

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.