Squid->HAVP->Squid Configuration



  • Can anyone please share Squid->HAVP->Squid Configuration screenshots.

    Thanks.



  • It's in portuguese but you can google translate  it  :)

    http://nextsense.com.br/blog/archives/680



  • Marcelloc,

    what i am looking for is squid sandwich configuration i.e.

    {inet} -> Squid -> HAVP -> Squid 2 -> {clients}

    To my understanding the link is about standard HAVP -> Squid config.

    Thanks



  • You mean two squids on the same pfsense?

    Did you tried dansguardian-> squid? Dansguardian has some auth pass through functions as well clamav native support.



  • yes thats what i meant 2 squids.

    I have not tried dansguardian.

    so do you mean to test try

    {inet} -> dansguardian -> HAVP -> Squid -> {clients} ??

    2 questions

    1. can we not have 2 squid process on pfsense - as wanted from original post
    2. if we go with above method, where would i be maintaining by ACL's for users?? currently i am using squid for the same.


  • @reshab912:

    so do you mean to test try
    {inet} -> dansguardian -> HAVP -> Squid -> {clients} ??

    I mean
    {inet} -> squid -> dansguardian(with clamav enabled) -> {clients} ??

    @reshab912:

    1. can we not have 2 squid process on pfsense - as wanted from original post

    You can if you create the second config file and edit/create another startup script on /usr/local/etc/rc.d
    Filer package can help you on keeping second config file and startup script on xml backup

    @reshab912:

    1. if we go with above method, where would i be maintaining by ACL's for users?? currently i am using squid for the same.

    I prefer dansguardian acls but you can setup the way you want with user auth. Ip acls will not work on squid as it will have 127.0.0.1 as client ip.

    Did you tried  {inet} -> havp -> squid  -> {clients} ??

    att,
    Marcello Coutinho



  • Thanks for your replies

    Yes, {inet} -> havp -> squid  -> {clients}, works fine as

    • havp detected virus with eicar.org
    • squid has entries in both cache and access logs.

    But with current setup some sites open very slow e.g. youtube - i think this is due to havp. i whitelisted youtube and have good results. That is the reason I was thinking for sandwich config, coz then I dont have to whitelist anything in HAVP


Log in to reply