Havp blocking (?)
-
pfSense: 2.0.2-RELEASE (i386)
HAVP: 0.91_1 pkg v1.01
squid: 2.7.9 pkg v.4.3.3No install of snort.
when going to a site I get:
HAVP
The following server is down:
Connection failed/var/squid/logs/access.log has:
TCP_MISS/200 1235 GET http://ebptllc.com/ - DEFAULT_PARENT/havp text/html
HAVP whitelist includes:
.ebptllc.com/Any ideas why I can't get access to this site? If I access the site from a different network, it works fine. DNS is good - it resolves correctly, as does nslookup from the console.
?Thanks.
-
I don't think HAVP is doing any sort of blocking, same with squid. But something in pfSense is not allowing the connection to the site: ebptllc.com.
-
Where do I look, what log would show something about why people are unable to connect to a web site? site in question is ebptllc.com. When people browse to ebptllc.com from the LAN behind pfSense, the site is unavailable. If I browse to the same site from another network, the site pulls up.
Any suggestions?
Thanks,
Aaron -
found one occurance of TCP_MISS/403 in the access.log for squid. Looks like the origin side is blocking the IP. Called host and removed block. Not a HAVP, pfSense or squid issue.
-
So do you have both squid and HAVP setup as transparent proxies?
If so, you should set HAVP as a "parent for squid"That said, this is not how HAVP blocking will alert you.
If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
You can test this safely with these downloads at EIECARhttp://www.eicar.org/85-0-Download.html
-
So do you have both squid and HAVP setup as transparent proxies?
If so, you should set HAVP as a "parent for squid"That said, this is not how HAVP blocking will alert you.
If HAVP is working you should get a blue and orange graphic screen showing that HAVP has blocked a file.
You can test this safely with these downloads at EIECARhttp://www.eicar.org/85-0-Download.html
Correct, that is how squid and HAVP are setup - HAVP as "parent for squid" and I do/did get the blue and orange graphic screen stating HAVP blocking.
Thx.