Havp blocking (?)



  • pfSense: 2.0.2-RELEASE (i386)
    HAVP: 0.91_1 pkg v1.01
    squid: 2.7.9 pkg v.4.3.3

    No install of snort.

    when going to a site I get:

    HAVP

    The following server is down:
    Connection failed

    /var/squid/logs/access.log has:

    TCP_MISS/200 1235 GET http://ebptllc.com/ - DEFAULT_PARENT/havp text/html

    HAVP whitelist includes:
    .ebptllc.com/

    Any ideas why I can't get access to this site?  If I access the site from a different network, it works fine.  DNS is good - it resolves correctly, as does nslookup from the console.
    ?

    Thanks.



  • I don't think HAVP is doing any sort of blocking, same with squid.  But something in pfSense is not allowing the connection to the site: ebptllc.com.



  • Where do I look, what log would show something about why people are unable to connect to a web site?  site in question is ebptllc.com.  When people browse to ebptllc.com from the LAN behind pfSense, the site is unavailable.  If I browse to the same site from another network, the site pulls up.

    Any suggestions?

    Thanks,
    Aaron



  • found one occurance of TCP_MISS/403 in the access.log for squid.  Looks like the origin side is blocking the IP.  Called host and removed block.  Not a HAVP, pfSense or squid issue.



  • So do you have both squid and HAVP setup as transparent proxies? 
    If so, you should set HAVP as a "parent for squid"

    That said, this is not how HAVP blocking will alert you.
    If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
    You can test this safely with these downloads at EIECAR

    http://www.eicar.org/85-0-Download.html



  • @Ramosel:

    So do you have both squid and HAVP setup as transparent proxies? 
    If so, you should set HAVP as a "parent for squid"

    That said, this is not how HAVP blocking will alert you.
    If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
    You can test this safely with these downloads at EIECAR

    http://www.eicar.org/85-0-Download.html

    Correct, that is how squid and HAVP are setup - HAVP as "parent for squid" and I do/did get the blue and orange graphic screen stating HAVP blocking.

    Thx.


Log in to reply