[squid-users] Re: VirusWall and Squid ACL

From: Norman Zhang <norman.zhang@dont-contact.us>
Date: Fri, 07 May 2004 17:05:04 -0700

Norman Zhang wrote:
>> Make sure the Interscan is already running on port 80.
>> Go to the http://x.x.x.x:1812/httpscan.cgi and check the "InterScan HTTP
>> Proxy port (connects to browser)" value.
>> And check whether your Interscan has already started or not
>> http://x.x.x.x:1812/isswitch.cgi
>
> I can verify that VirusWall (both Squid and VirusWall are on the same
> box) is set up to
>
> InterScan HTTP Proxy port (connects to browser): 80
> Original HTTP server location:
> InterScan acts as proxy itself.
> x Other (server and port): 127.0.0.1 80

I have further tested if I set VirusWall to

InterScan HTTP Proxy port (connects to browser): 80
Original HTTP server location:
X InterScan acts as proxy itself.

and not

X Other (server and port): 127.0.0.1 80

I have no problem accessing the web directly using VirusWall as my proxy
(i.e., http://x.x.x.x:80). But going through Squid (http://x.x.x.x:3128)
won't scan the content in VirusWall. Squid will go directly to the
internet. This makes me think that Squid is not redirecting to
VirusWall as it should be. I'm trying to set up my Squid+VirusWall the
following way.

IE---->3128:Squid---->80:VirusWall---->Internet

May I ask what I am doing wrong in my squid.conf?

Regards,
Norman

cache_mgr web.master@arkonnetworks.com
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 16 MB
cache_dir ufs /var/spool/squid 200 16 256
cache_peer 127.0.0.1 parent 80 7 default no-query
acl binaries urlpath_regex -i \.exe$ \.zip$ \.vbs$ \.gz$
cache_peer_access 127.0.0.1 allow binaries
never_direct allow binaries

ftp_user squid@test.com
auth_param ntlm program /usr/lib/squid/wb_ntlmauth
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes

external_acl_type NT_global_group %LOGIN /usr/lib/squid/wb_group

acl ProxyUsers external NT_global_group ProxyUsers
acl authusrs proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webmin port 10000 20000 # webmin, usermin
acl CONNECT method CONNECT
acl localnet dst 192.168.11.0/26 192.168.22.0/25
acl arkonweb dst 207.34.136.4 207.34.136.5 207.34.136.7
acl pdfgrab browser WebCapture
acl realplay browser RealMedia
acl ssread browser SSDOWNLOAD
acl ssread browser SSREADER

http_access allow manager localhost
http_access deny manager
http_access allow CONNECT webmin
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow arkonweb
http_access allow pdfgrab
http_access allow realplay
http_access allow ssread
http_access allow authusrs ProxyUsers
http_access allow localhost
http_access deny all

icp_access allow all
Received on Fri May 07 2004 - 18:05:09 MDT
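
A simplified model, added here as an illustration and not part of the original post or of Squid itself, of how the cache_peer_access and never_direct lines in the squid.conf above divide requests between the VirusWall parent and direct fetches. It assumes Squid's access-list rule that the first matching line wins and that the default is the opposite of the last line; the function names and sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# Routing directives copied from the squid.conf in the post above.
CONF = r"""
cache_peer 127.0.0.1 parent 80 7 default no-query
acl binaries urlpath_regex -i \.exe$ \.zip$ \.vbs$ \.gz$
cache_peer_access 127.0.0.1 allow binaries
never_direct allow binaries
"""

def parse(conf):
    """Collect urlpath_regex ACLs plus the cache_peer_access and never_direct lists."""
    acls, peer_access, never_direct = {}, [], []
    for line in conf.splitlines():
        tok = line.split()
        if len(tok) > 3 and tok[0] == "acl" and tok[2] == "urlpath_regex":
            flags = re.I if "-i" in tok[3:] else 0
            pats = [re.compile(p, flags) for p in tok[3:] if p != "-i"]
            acls.setdefault(tok[1], []).extend(pats)
        elif len(tok) > 3 and tok[0] == "cache_peer_access":
            peer_access.append((tok[2], tok[3:]))
        elif len(tok) > 2 and tok[0] == "never_direct":
            never_direct.append((tok[1], tok[2:]))
    return acls, peer_access, never_direct

def allowed(rules, acls, path, if_empty):
    """First matching rule wins; if none matches, take the opposite of the last rule."""
    for action, names in rules:
        # Every ACL named on the line must match ("!name" negates that ACL).
        if all(any(p.search(path) for p in acls.get(n.lstrip("!"), []))
               != n.startswith("!") for n in names):
            return action == "allow"
    return rules[-1][0] != "allow" if rules else if_empty

def route(url, conf=CONF):
    """Return where this model sends the request: parent only, parent or direct, direct."""
    acls, peer_access, never_direct = parse(conf)
    parts = urlsplit(url)
    # The QUERY acl in the post matches "\?" with urlpath_regex, so keep the query string.
    path = parts.path + ("?" + parts.query if parts.query else "")
    via_peer = allowed(peer_access, acls, path, if_empty=True)
    forced = allowed(never_direct, acls, path, if_empty=False)
    if forced:
        return "parent only" if via_peer else "no route"
    return "parent or direct" if via_peer else "direct"

if __name__ == "__main__":
    # Constructed sample URLs, not taken from the post.
    for u in ("http://example.com/index.html", "http://example.com/files/setup.EXE",
              "http://example.com/pub/archive.tar.gz"):
        print(f"{route(u):16} {u}")
```

Under this model only URLs whose path ends in one of the four listed extensions are forced through the parent on port 80; every other request is fetched directly.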
