• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Havp blocking (?)

Scheduled Pinned Locked Moved pfSense Packages
6 Posts 2 Posters 2.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    awsiemieniec
    last edited by Oct 29, 2013, 11:00 PM

    pfSense: 2.0.2-RELEASE (i386)
    HAVP: 0.91_1 pkg v1.01
    squid: 2.7.9 pkg v.4.3.3

    No install of snort.

    when going to a site I get:

    HAVP

    The following server is down:
    Connection failed

    /var/squid/logs/access.log has:

    TCP_MISS/200 1235 GET http://ebptllc.com/ - DEFAULT_PARENT/havp text/html

    HAVP whitelist includes:
    .ebptllc.com/

    Any ideas why I can't get access to this site?  If I access the site from a different network, it works fine.  DNS is good - it resolves correctly, as does nslookup from the console.
    ?

    Thanks.

    1 Reply Last reply Reply Quote 0
    • A
      awsiemieniec
      last edited by Oct 30, 2013, 6:03 AM

      I don't think HAVP is doing any sort of blocking, same with squid.  But something in pfSense is not allowing the connection to the site: ebptllc.com.

      1 Reply Last reply Reply Quote 0
      • A
        awsiemieniec
        last edited by Oct 30, 2013, 4:49 PM

        Where do I look, what log would show something about why people are unable to connect to a web site?  site in question is ebptllc.com.  When people browse to ebptllc.com from the LAN behind pfSense, the site is unavailable.  If I browse to the same site from another network, the site pulls up.

        Any suggestions?

        Thanks,
        Aaron

        1 Reply Last reply Reply Quote 0
        • A
          awsiemieniec
          last edited by Oct 30, 2013, 6:08 PM

          found one occurance of TCP_MISS/403 in the access.log for squid.  Looks like the origin side is blocking the IP.  Called host and removed block.  Not a HAVP, pfSense or squid issue.

          1 Reply Last reply Reply Quote 0
          • R
            Ramosel
            last edited by Oct 31, 2013, 2:55 PM

            So do you have both squid and HAVP setup as transparent proxies? 
            If so, you should set HAVP as a "parent for squid"

            That said, this is not how HAVP blocking will alert you.
            If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
            You can test this safely with these downloads at EIECAR

            http://www.eicar.org/85-0-Download.html

            1 Reply Last reply Reply Quote 0
            • A
              awsiemieniec
              last edited by Nov 5, 2013, 5:36 AM

              @Ramosel:

              So do you have both squid and HAVP setup as transparent proxies? 
              If so, you should set HAVP as a "parent for squid"

              That said, this is not how HAVP blocking will alert you.
              If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
              You can test this safely with these downloads at EIECAR

              http://www.eicar.org/85-0-Download.html

              Correct, that is how squid and HAVP are setup - HAVP as "parent for squid" and I do/did get the blue and orange graphic screen stating HAVP blocking.

              Thx.

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received