RE: [squid-users] Re: VirusWall and Squid ACL

Hi Norman,

Make sure the Interscan already running on port 80.
Go to the http://x.x.x.x:1812/httpscan.cgi and check the "InterScan HTTP
Proxy port (connects to browser)" value.
And check whether your Interscan already started or not
http://x.x.x.x:1812/isswitch.cgi

Actually, you may test from your browser client by passing squid. Simply
configure you client browser to your proxy IP Address with the Interscan
port (80). If this doesn't work then your interscan is not running.

Regards,

herman

-----Original Message-----
From: Norman Zhang [mailto:norman.zhang@rd.arkonnetworks.com]
Sent: Thursday, May 06, 2004 6:05 AM
To: squid-users@squid-cache.org
Cc: Herman (ISTD)
Subject: [squid-users] Re: VirusWall and Squid ACL

Hi Herman,

Herman (ISTD) wrote:
> I have installed Interscan Viruswall and Squid on the same box. It
> worked perfectly though in Trial version, automatic virus pattern
update
> cannot work. My squid is running on 3128 port, and my Interscan is
> running on 80 port. Just redirect squid request to Interscan using
> cache_peer 127.0.0.1 parent 80 7 default no-query. Make sure httpd is
> not running on port 80.

I addeded

cache_peer 127.0.0.1 parent 80 7 default no-query

to /etc/squid/squid.conf and specify VirusWall to use

Original HTTP server location:
       Other (server and port): 127.0.0.1 80

but I'm seeing the following error in /var/log/squid/cache.log

2004/05/05 15:51:41| Detected REVIVED Parent: 127.0.0.1/80/7
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| TCP connection to 127.0.0.1/80 failed
2004/05/05 15:54:23| Detected DEAD Parent: 127.0.0.1/80/7

My /etc/squid/squid.conf is as follows. May I ask what am I doing wrong?

Regards,
Norman

cache_mgr web.master@arkonnetworks.com
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /var/spool/squid 200 16 256
cache_peer 127.0.0.1 parent 80 7 default no-query
ftp_user squid@test.com
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group

acl ProxyUsers external NT_global_group ProxyUsers
acl authusrs proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webmin port 10000 20000 # webmin, usermin
acl CONNECT method CONNECT
acl localnet dst 192.168.11.0/26 192.168.22.0/25
acl arkonweb dst 207.34.136.4 207.34.136.5 207.34.136.7
acl pdfgrab browser WebCapture
acl realplay browser RealMedia
acl ssread browser SSDOWNLOAD
acl ssread browser SSREADER

http_access allow manager localhost
http_access deny manager
http_access allow CONNECT webmin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow arkonweb
http_access allow pdfgrab
http_access allow realplay
http_access allow ssread
http_access allow authusrs ProxyUsers
http_access allow localhost
http_access deny all

icp_access allow all

>>-----Original Message-----
>>From: Norman Zhang [mailto:norman.zhang@rd.arkonnetworks.com]
>>Sent: Tuesday, May 04, 2004 9:11 AM
>>To: squid-users@squid-cache.org
>>Subject: [squid-users] VirusWall and Squid ACL
>>
>>TrendMicro recommends that I need to setup 2 Squid Proxies with
>>VirusWall in order for it to work with Squid's ACL mechanism
>>(http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionID=8496
).
>>Client ---> Proxy#1 (Squid) ---> InterScan VirusWall ---> Proxy#2 --->
>>Internet
>>
>>But searching the archives, it looks like users are able to use
>>VirusWall with just 1 Squid Proxy Server on the same box. May I ask
>>what's which setup should I go for? I'm using squid-2.5.STABLE2-2mdk
>>and Interscan VirusWall 3.81.
Received on Thu May 06 2004 - 03:52:36 MDT