Netgate Discussion Forum

    HAVP proxy issue

    pfSense Packages
    23 Posts 2 Posters 8.1k Views
    • rajbps

      HAVP has already added the following "never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
      Could I just add a second directive?

      Cheers,

      Raj

      • marcelloc

        @rajbps:

        HAVP has already added the following "never_direct allow all

        sorry, I mean always_direct to add exceptions to havp  :)

        Elite Training: http://sys-squad.com

        Help a community developer! ;D

        • rajbps

          So the custom option is currently "never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;" and I change it to look like "always_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"

          Would HAVP still detect viruses on http?

          By the way thanks marcelloc for all the hard job.

          Cheers,

          Raj

          • marcelloc

            keep never_direct acl the way it is and include always_direct acl before it with sites you want/need to skip havp

            • rajbps

              So if I were to allow adobe.com then the custom setting would be: "always_direct;adobe.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"

              If I need more sites, it would be "always_direct;adobe.com;facebook.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"

              Correct?

              Cheers,

              Raj

              • marcelloc

                remove ; during acl declaration.

                always_direct .adobe.com .facebook.com;

                • rajbps

                  Hi Marcello,

                  Here is the rule that I have currently "always_direct .get.adobe.com .youtube.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;" and I am still having issues with adobe reader or flash player download.

                  I get the error "Unable to unzip metafile file"

                  Where did I go wrong pls?

                  Cheers,

                  Raj

                  • marcelloc

                    I've posted just a sample, not a real config. You need an acl before the always_direct directive; take a look at the squid wiki page.

                    http://www.squid-cache.org/Doc/config/always_direct/

                    • rajbps

                      I believe this should be the rule "always_direct allow .get.adobe.com .youtube.com;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"

                      According to the http://www.squid-cache.org/Doc/config/always_direct/

                      "For example, to always directly forward requests for
                      local servers ignoring any parents or siblings you may have use
                      something like:

                      acl local-servers dstdomain my.domain.net
                      always_direct allow local-servers"

                      What am I missing pls

                      Sorry to be a bit stupid but this is my first attempt with squid.  :-(

                      Cheers,

                      Raj

                      • marcelloc

                        @rajbps:

                        What am I missing pls
                        Sorry to be a bit stupid but this is my first attempt with squid.   :-(

                        change

                        always_direct .get.adobe.com .youtube.com

                        to

                        acl skip_havp dstdomain .get.adobe.com .youtube.com; always_direct allow skip_havp;

                        Take a good look at the squid wiki web site to learn how it works  ;)

                        • rajbps

                          It's still not working "acl skip_havp dstdomain .get.adobe.com .youtube.com; always_direct allow skip_havp;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"

                          But I read a bit more, most likely I still have some questions  ;-(

                          • rajbps

                            Though any more help always welcome :-)

                            • rajbps

                              Got it sorted; spaces in the argument were the issue. Here is the right formula for anyone out there: "acl skip_havp dstdomain .adobe.com .youtube.com;always_direct allow skip_havp;never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"

                              A great thanks to marcello for all the help.

                              By the way marcello, is there a better way to add sites, as this might get pretty ugly pretty quickly? Something like an allowed websites list.

                              Cheers,

                              Raj

                              1 Reply Last reply Reply Quote 0
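An added example, not code from the thread or from the pfSense package: a small linter for the custom-options string that reproduces the syntax mistakes worked through above and lists the domains that will no longer pass through HAVP. It assumes pfSense writes each `;`-separated segment as one squid.conf line; `lint_custom_options` is a hypothetical helper name.

```python
import re

# Assumption: the pfSense Squid "custom options" field writes each
# ';'-separated segment as its own squid.conf line.
PREDEFINED = {"all"}  # ACL that Squid defines by itself

def lint_custom_options(field):
    """Return (squid_lines, problems, bypass_domains) for one field value."""
    lines = [seg.strip() for seg in field.split(";") if seg.strip()]
    acls, problems, bypass = {}, [], []
    for n, line in enumerate(lines, 1):
        tok = line.split()
        if tok[0] == "acl":
            if len(tok) < 4:
                problems.append(f"line {n}: acl needs a name, a type and a value")
            else:  # repeated acl lines with the same name accumulate values
                acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok[0] in ("always_direct", "never_direct"):
            if len(tok) < 3 or tok[1] not in ("allow", "deny"):
                problems.append(f"line {n}: {tok[0]} needs allow|deny and an ACL name")
                continue
            for ref in tok[2:]:
                name = ref.lstrip("!")  # '!' negates an ACL reference
                if name not in acls and name not in PREDEFINED:
                    problems.append(f"line {n}: '{name}' is not a defined ACL")
                elif tok[:2] == ["always_direct", "allow"] and ref == "all":
                    problems.append(f"line {n}: every request would skip the HAVP parent")
                elif tok[:2] == ["always_direct", "allow"] and ref in acls:
                    kind, values = acls[ref]
                    if kind == "dstdomain":
                        bypass.extend(values)  # traffic HAVP will not scan
        elif not re.fullmatch(r"[a-z_0-9]+", tok[0]):
            problems.append(f"line {n}: '{tok[0]}' is not a directive name")
    return lines, problems, bypass

# Strings quoted from the thread above.
PEER = "cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default;"
ATTEMPTS = {
    "no allow/deny, no acl": "always_direct .get.adobe.com .youtube.com;never_direct allow all;" + PEER,
    "domains used as ACL names": "always_direct allow .get.adobe.com .youtube.com;never_direct allow all;" + PEER,
    "working": "acl skip_havp dstdomain .adobe.com .youtube.com;always_direct allow skip_havp;never_direct allow all;" + PEER,
}

if __name__ == "__main__":
    for label, field in ATTEMPTS.items():
        lines, problems, bypass = lint_custom_options(field)
        print(f"{label}: problems={problems} unscanned={bypass}")
```

The `unscanned` list is the part worth reviewing whenever the exception list grows: a leading-dot `dstdomain` value such as `.adobe.com` covers every subdomain, and all of that traffic goes direct instead of through the HAVP parent.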
                              • marcelloc

                                @rajbps:

                                By the way marcello is there a better way to add sites as this might get pretty ugly pretty quickly something like allowed websites list.

                                As squid3 package is beta, I can include an always_direct field on its GUI when I have time.  ;)

                                • rajbps

                                  quote:

                                  Hi Team,

                                  I have installed squid then sarg and the HAVP on a pfsense system 2.0

                                  That site (A) is connected via vpn to another site (B).

                                  There is an intranet server that runs at site B and all the pcs at A go to it by just typing the word "intranet" in the browser but now after installing HAVP, they are getting an error msg instead of the site.

                                  If they type the ip they can open it in the web browser.

                                  Here is the error attached.

                                  Could someone assist pls.

                                  Cheers,

                                  Raj

                                  • havp error.png

                                  marcelloc, Re: HAVP proxy issue (Reply #1, October 11, 2012, 09:39:23 am; last edited October 11, 2012, 10:21:39 am):

                                  try to include intranet and its ip on /etc/hosts pfsense file.

                                  restart havp/save config to be sure it will reload config.

                                  When I reboot the firewall, I lose the entry in the /etc/hosts file and need to add it again.

                                  Is there a way to make it become permanent pls?

                                  Cheers,

                                  Raj

                                  • marcelloc

                                    try to use always_direct directive on squid or add it to client browser exception.

                                    I'm not sure if there is /etc/hosts.local on pfsense to keep changes after reboot.

                                    • rajbps

                                      Hi Marcello,

                                      Now that I removed the entry from the hosts file and added the entry where you asked, this is what I get:

                                      error.png

                                      • rajbps

                                        OK, added an entry in the DNS forwarder and that seems to have done the trick :-)
