pfSense Gold Subscription

Author Topic: Squid->HAVP->Squid Configuration  (Read 1048 times)

0 Members and 1 Guest are viewing this topic.

Offline reshab912

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Squid->HAVP->Squid Configuration
« on: July 20, 2012, 03:22:30 pm »
Can anyone please share Squid->HAVP->Squid Configuration screenshots.

Thanks.

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: Squid->HAVP->Squid Configuration
« Reply #1 on: July 20, 2012, 06:35:26 pm »
It's in portuguese but you can google translate  it  :)

http://nextsense.com.br/blog/archives/680

Offline reshab912

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid->HAVP->Squid Configuration
« Reply #2 on: July 21, 2012, 09:07:28 am »
Marcelloc,

what i am looking for is squid sandwich configuration i.e.

{inet} -> Squid -> HAVP -> Squid 2 -> {clients}

To my understanding the link is about standard HAVP -> Squid config.

Thanks

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: Squid->HAVP->Squid Configuration
« Reply #3 on: July 21, 2012, 12:55:33 pm »
You mean two squids on the same pfsense?

Did you tried dansguardian-> squid? Dansguardian has some auth pass through functions as well clamav native support.

Offline reshab912

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid->HAVP->Squid Configuration
« Reply #4 on: July 21, 2012, 01:10:15 pm »
yes thats what i meant 2 squids.

I have not tried dansguardian.

so do you mean to test try

{inet} -> dansguardian -> HAVP -> Squid -> {clients} ??

2 questions
1) can we not have 2 squid process on pfsense - as wanted from original post
2) if we go with above method, where would i be maintaining by ACL's for users?? currently i am using squid for the same.

Offline marcelloc

  • Hero Member
  • *****
  • Posts: 10006
  • Karma: +6/-0
    • View Profile
Re: Squid->HAVP->Squid Configuration
« Reply #5 on: July 21, 2012, 01:21:02 pm »
so do you mean to test try
{inet} -> dansguardian -> HAVP -> Squid -> {clients} ??

I mean
{inet} -> squid -> dansguardian(with clamav enabled) -> {clients} ??

1) can we not have 2 squid process on pfsense - as wanted from original post
You can if you create the second config file and edit/create another startup script on /usr/local/etc/rc.d
Filer package can help you on keeping second config file and startup script on xml backup

2) if we go with above method, where would i be maintaining by ACL's for users?? currently i am using squid for the same.
I prefer dansguardian acls but you can setup the way you want with user auth. Ip acls will not work on squid as it will have 127.0.0.1 as client ip.

Did you tried  {inet} -> havp -> squid  -> {clients} ??

att,
Marcello Coutinho
« Last Edit: July 21, 2012, 01:22:57 pm by marcelloc »

Offline reshab912

  • Newbie
  • *
  • Posts: 16
  • Karma: +0/-0
    • View Profile
Re: Squid->HAVP->Squid Configuration
« Reply #6 on: July 21, 2012, 03:50:31 pm »
Thanks for your replies

Yes, {inet} -> havp -> squid  -> {clients}, works fine as
- havp detected virus with eicar.org
- squid has entries in both cache and access logs.

But with current setup some sites open very slow e.g. youtube - i think this is due to havp. i whitelisted youtube and have good results. That is the reason I was thinking for sandwich config, coz then I dont have to whitelist anything in HAVP