Netgate Discussion Forum

    Havp blocking (?)

      awsiemieniec

      pfSense: 2.0.2-RELEASE (i386)
      HAVP: 0.91_1 pkg v1.01
      squid: 2.7.9 pkg v.4.3.3

      No install of snort.

      When going to a site I get:

      HAVP

      The following server is down:
      Connection failed

      /var/squid/logs/access.log has:

      TCP_MISS/200 1235 GET http://ebptllc.com/ - DEFAULT_PARENT/havp text/html

      HAVP whitelist includes:
      .ebptllc.com/

      Any ideas why I can't get access to this site? If I access the site from a different network, it works fine. DNS is good - it resolves correctly, as does nslookup from the console.

      Thanks.

        awsiemieniec

        I don't think HAVP is doing any sort of blocking, same with squid.  But something in pfSense is not allowing the connection to the site: ebptllc.com.

          awsiemieniec

          Where do I look, what log would show something about why people are unable to connect to a web site? The site in question is ebptllc.com. When people browse to ebptllc.com from the LAN behind pfSense, the site is unavailable. If I browse to the same site from another network, the site pulls up.

          Any suggestions?

          Thanks,
          Aaron

            awsiemieniec

            Found one occurrence of TCP_MISS/403 in the access.log for squid. Looks like the origin side is blocking the IP. Called host and removed block. Not a HAVP, pfSense or squid issue.

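The log check that resolved this thread, as an added example (not code from any poster): it separates requests squid itself refused (`TCP_DENIED`) from requests squid forwarded that came back as errors (`TCP_MISS/403` via the HAVP parent). The sample lines are constructed in squid's native access.log layout; the client IPs, timestamps and `.example` hosts are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample, native layout:
# time elapsed client result/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1360000000.101    210 192.168.1.20 TCP_MISS/200 1235 GET http://ebptllc.com/ - DEFAULT_PARENT/havp text/html
1360000042.517    180 192.168.1.21 TCP_MISS/403 512 GET http://ebptllc.com/ - DEFAULT_PARENT/havp text/html
1360000050.002      1 192.168.1.22 TCP_DENIED/403 1400 GET http://blocked.example/ - NONE/- text/html
1360000061.900     95 192.168.1.20 TCP_MISS/503 900 GET http://down.example/ - DEFAULT_PARENT/havp text/html
"""
RESULT_RE = re.compile(r"^([A-Z_]+)/(\d{3})$")

def parse_line(line):
    """Return (host, result, status, hierarchy), or None if the line does not parse."""
    fields = line.split()
    # Locate the result/status field so shortened lines (no timestamp/client) also parse.
    for i, field in enumerate(fields):
        m = RESULT_RE.match(field)
        if m and len(fields) >= i + 6:
            url, hierarchy = fields[i + 3], fields[i + 5]
            host = urlsplit(url).hostname or url.split(":")[0]  # CONNECT logs host:port
            return host, m.group(1), int(m.group(2)), hierarchy
    return None

def classify(result, status):
    """Name the hop to look at first; a lead for triage, not proof of who blocked."""
    if status < 400:
        return "ok"
    if result.startswith("TCP_DENIED"):
        return "denied-by-squid"  # squid's own ACL refused the request
    # A MISS was forwarded: the error came from the parent, the origin, or the fetch.
    return "forwarded-error" if "MISS" in result else "other-error"

def triage(log_text):
    """Map host -> {finding: count}, covering error responses only."""
    report = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, result, status, hierarchy = parsed
        verdict = classify(result, status)
        if verdict != "ok":
            report[host][f"{verdict} {result}/{status} via {hierarchy}"] += 1
    return {host: dict(found) for host, found in report.items()}

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_LOG).items():
        print(host, findings)
```

A `forwarded-error` finding through `DEFAULT_PARENT/havp` still needs a look at the parent before concluding that the origin is refusing the firewall's address.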
              Ramosel

              So do you have both squid and HAVP set up as transparent proxies?
              If so, you should set HAVP as a "parent for squid".

              That said, this is not how HAVP blocking will alert you.
              If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
              You can test this safely with these downloads at EICAR:

              http://www.eicar.org/85-0-Download.html

                awsiemieniec

                @Ramosel:

                So do you have both squid and HAVP set up as transparent proxies?
                If so, you should set HAVP as a "parent for squid".

                That said, this is not how HAVP blocking will alert you.
                If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
                You can test this safely with these downloads at EICAR:

                http://www.eicar.org/85-0-Download.html

                Correct, that is how squid and HAVP are set up - HAVP as "parent for squid" and I do/did get the blue and orange graphic screen stating HAVP blocking.

                Thx.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.