View previous topic :: View next topic |
Author |
Message |
hydrapolic Tux's lil' helper
Joined: 07 Feb 2008 Posts: 126
|
Posted: Mon Apr 21, 2008 11:42 am Post subject: HOWTO: Proxy with antivirus (dansguardian, havp, squid) |
|
|
The scenario is the following: A bunch of computers need to access the Internet, but we need to filter what they browse, so we use dansguardian (blacklists, blocking keywords, domains...), havp (antivirus checking) and squid (caching). This is just one of the solutions, but the only one working for me. This is also just a sample, there a lots of options when installing the abovementioned applications. All of the services work on a single computer:
computers --> proxy gateway --> Internet
We need to install:
- clamav
- squid
- havp
- dansguardian
Port allocation can be the following:
dansguardian - 8080
havp - 8090
squid - 3128
computers --> dansguardian (8080) --> havp (8090) --> squid (3128)
Relevant configuration parameters:
/etc/squid/squid.conf
/etc/havp/havp.config
Code: |
PARENTPROXY 127.0.0.1
PARENTPORT 3128
PORT 8090
ENABLECLAMLIB true
CLAMDBDIR /var/lib/clamav
|
/etc/dansguardian/dansguardian.conf
Code: |
filterport = 8080
proxyip = 127.0.0.1
proxyport = 8090
|
Good luck.
//Edit [2008.07.14]
The configuration is doing fine, using it with 300 users. Once the things are settled down, I'll write a proper "proxy-howto".
Last edited by hydrapolic on Mon Jul 14, 2008 1:48 pm; edited 1 time in total |
|
Back to top |
|
|
luispa Guru
Joined: 17 Mar 2006 Posts: 359 Location: España
|
Posted: Wed Apr 23, 2008 6:07 pm Post subject: |
|
|
Thank you for the info. Looks interesting, I'll give it a try.
Luis |
|
Back to top |
|
|
rjolley n00b
Joined: 14 Sep 2003 Posts: 16 Location: Stone Mountain, GA
|
Posted: Thu Apr 24, 2008 4:21 pm Post subject: |
|
|
If you use havp, do you still need clamav support compiled into dansguardian? |
|
Back to top |
|
|
hydrapolic Tux's lil' helper
Joined: 07 Feb 2008 Posts: 126
|
Posted: Thu Apr 24, 2008 6:54 pm Post subject: |
|
|
I think it doesn't really matter, because HAVP is doing the scanning (besides, HAVP can work with numerous anti-virus programs, not just clamav). |
|
Back to top |
|
|
rjolley n00b
Joined: 14 Sep 2003 Posts: 16 Location: Stone Mountain, GA
|
Posted: Fri Apr 25, 2008 1:15 pm Post subject: |
|
|
Hmmm, may try it out.
Thanks for the info. |
|
Back to top |
|
|
andip Tux's lil' helper
Joined: 18 Jun 2002 Posts: 116 Location: .no
|
Posted: Wed Apr 30, 2008 12:30 pm Post subject: |
|
|
hi,
thanks for the howto, after some initial setup-problems, it's now working like a charm.
one thing people might need to do is use the dns-settings in squid.conf, as it seems to have some problems using whatever is in /etc/resolv.conf with this setup. i haven't confirmed this 100%, but keep it in mind should you get what appears to be dns-issues. |
|
Back to top |
|
|
hydrapolic Tux's lil' helper
Joined: 07 Feb 2008 Posts: 126
|
Posted: Mon May 05, 2008 10:14 am Post subject: |
|
|
For DNS I use this:
dns_retransmit_interval 1 seconds
dns_nameservers 192.168.40.4 192.168.100.15
fqdncache_size 2048
What problems do you mean ? Well sometimes I find the processing rather slow, that's why I used the small retransmit interval. Also in Dansguardian it's desirable to set phrasefiltermode = 1 (smart mode, no raw mode). I had problems loading huge pages (like the Gentoo handbook in 1 page) |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
|