HAVP proxy issue
-
Hi Team,
I have installed squid then sarg and the HAVP on a pfsense system 2.0.
That site (A) is connected via vpn to another site (B).
There is an intranet server that runs at site B and all the PCs at A go to it by just typing the word "intranet" in the browser, but now after installing HAVP, they are getting an error msg instead of the site.
If they type the ip they can open it in the web browser.
Here is the error attached.
Could someone assist pls.
Cheers,
Raj
![havp error.png](/public/imported_attachments/1/havp error.png)
-
try to include intranet and its IP on /etc/hosts pfsense file.
restart havp/save config to be sure it will reload config.
-
Ok that did the trick.
Another question if I may: now when installing things like adobe reader or flash, I get the error "Unable to unzip metafile file"
If I switch off Havp Proxy and remove the rule from squid, it works fine.
Any idea on how to stop this pls.
Cheers,
Raj
-
anyone in the forum has had any experience with this issue by any chance?
-
you can add site exceptions using never_direct squid directive on custom options
-
HAVP has already added the following "never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
Could I just add a second directive?
Cheers,
Raj
-
HAVP has already added the following "never_direct allow all
sorry, I mean always_direct to add exceptions to havp :)
-
So the custom option is currently "never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;" and I change it to look like "always_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
Would HAVP still detect viruses on http?
By the way thanks marcelloc for all the hard job.
Cheers,
Raj
-
keep never_direct acl the way it is and include always_direct acl before it with sites you want/need to skip havp
-
So if I were to allow adobe.com then the custom setting would be : "always_direct;adobe.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
If I need more sites, it would be "always_direct;adobe.com;facebook.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
Correct?
Cheers,
Raj
-
remove ; during acl declaration.
always_direct .adobe.com .facebook.com;
-
Hi Marcello,
Here is the rule that I have currently "always_direct .get.adobe.com .youtube.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;" and I am still having issues with adobe reader or flash player download.
I get the error "Unable to unzip metafile file"
Where did I go wrong pls?
Cheers,
Raj
-
I've posted just a sample, not a real config. You need an acl before always_direct directive, take a look on squid wiki page.
http://www.squid-cache.org/Doc/config/always_direct/
-
I believe this should be the rule "always_direct allow .get.adobe.com .youtube.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
According to the http://www.squid-cache.org/Doc/config/always_direct/
"For example, to always directly forward requests for
local servers ignoring any parents or siblings you may have use
something like:
acl local-servers dstdomain my.domain.net
always_direct allow local-servers"
What am I missing pls
Sorry to be a bit stupid but this is my first attempt with squid. :-(
Cheers,
Raj
-
What am I missing pls
Sorry to be a bit stupid but this is my first attempt with squid. :-(
change
always_direct .get.adobe.com .youtube.com
to
acl skip_havp dstdomain .get.adobe.com .youtube.com; always_direct allow skip_havp;
Take a good look on squid wiki web site to learn how it works ;)
-
It's still not working "acl skip_havp dstdomain .get.adobe.com .youtube.com; always_direct allow skip_havp;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
But I read a bit more, most likely I still have some questions ;-(
-
Though any more help always welcome :-)
-
Got it sorted, spaces in the argument were the issue. Here is the right formula for anyone out there "acl skip_havp dstdomain .adobe.com .youtube.com;always_direct allow skip_havp;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
A great thanks to marcello for all the help.
By the way marcello, is there a better way to add sites, as this might get pretty ugly pretty quickly? Something like an allowed websites list.
Cheers,
Raj
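
An added example, not part of any post in this thread and not pfSense or Squid project code: a small Python audit of the semicolon-separated custom options string used above, which flags the malformed `always_direct` attempts from the thread and lists every domain that bypasses HAVP scanning. The function name and messages are hypothetical, and treating `all` as a predefined ACL is an assumption (true in Squid 3).

```python
# Added example: audit a pfSense Squid "custom options" string (directives
# separated by ';') for destinations that skip the HAVP parent proxy.
# Function and message names are hypothetical, not part of Squid or pfSense.

# The cache_peer directive exactly as it appears in the thread.
PEER = ("cache_peer 127.0.0.1 parent 3125 0 name=havp "
        "no-query no-digest no-netdb-exchange default;")
EVERYTHING = "<every destination>"

def audit_havp_bypass(custom):
    """Return (domains_bypassing_havp, problems) for a custom-options string."""
    acls = {"all": [EVERYTHING]}  # assumption: 'all' is predefined (Squid 3)
    bypass, problems, forced = [], [], False
    for seg in custom.split(";"):
        tokens = seg.split()
        if not tokens:
            continue
        name, args = tokens[0], tokens[1:]
        if name == "acl" and len(args) >= 3 and args[1] == "dstdomain":
            acls.setdefault(args[0], []).extend(args[2:])
        elif name == "always_direct":
            if len(args) < 2 or args[0] not in ("allow", "deny"):
                problems.append("always_direct needs allow|deny plus an ACL name")
                continue
            # ACLs on one line are ANDed by Squid; listing every named
            # domain over-approximates, which is the safe side for an audit.
            for acl in args[1:]:
                if acl not in acls:
                    problems.append("undefined ACL in always_direct: " + acl)
                elif args[0] == "allow":
                    bypass.extend(acls[acl])
        elif name == "never_direct" and args[:2] == ["allow", "all"]:
            forced = True
    if not forced:
        problems.append("no 'never_direct allow all': HAVP peer is not enforced")
    if EVERYTHING in bypass:
        problems.append("always_direct allow all: nothing is scanned by HAVP")
    return sorted(set(bypass)), problems

if __name__ == "__main__":
    working = ("acl skip_havp dstdomain .adobe.com .youtube.com;"
               "always_direct allow skip_havp;never_direct allow all;" + PEER)
    print(audit_havp_bypass(working))
```

Every domain the audit returns is one whose downloads HAVP never scans, so the list is worth keeping as short as the failing installers require.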
-
By the way marcello is there a better way to add sites as this might get pretty ugly pretty quickly something like allowed websites list.
As squid3 package is beta, I can include an always_direct field on its GUI when I have time. ;)
-
quote:
marcelloc, Reply #1 on: October 11, 2012, 09:39:23 am (last edit: October 11, 2012, 10:21:39 am):
try to include intranet and its IP on /etc/hosts pfsense file.
restart havp/save config to be sure it will reload config.
When I reboot the firewall, I lose the entry in the /etc/hosts file and need to add it again.
Is there a way to make it become permanent pls?
Cheers,
Raj