Alex Rousskov schrieb:
> On Mon, 2008-01-07 at 14:18 +0100, Alexander Schaefer wrote:
>> Hello squid users,
>>
>> we did install Kaspersky Antivirus for Proxy on our existing corporate
>> proxy server, which is Squid 2.6.STABLE5 running on Debian 4.0 server.
>> We also use SquidGuard for URL-filtering:
>>
>> *redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf*
>>
>> Kaspersky antivirus is binded per ICAP interface to Squid. After
>> installation of Kaspersky antivirus, SquidGuard is not effective anymore
>> -> the bad websites are not blocked, however the appropriate entries are
>> logged in the blocked.log file. Searching for squid config statement
>> causing this problem i did localize:
>>
>> *icap_enable on*
>>
>> As far as i disable this configuration option squidGuards blocks again.
>>
>> I other words the redirector and ICAP-redirector seem to dislike each
>> other...
>>
>> Any ideas, how we can run both redirectors together?
>
> If you do not get better suggestions, I would try Squid3. If you run
> into ICAP problems with Squid3, we should be able to fix them.
>
Thanks a lot... Squid3 seems to be still in the developement phase and
is not stable enough for productive environment. Due to this fact we
can't use it ;o(
Our workaround, using SquidGuard binded with standard squid
redirector_programm statement and at the same time "Kaspersky antivirus
for proxy, binded as ICAP redirector is: Running two instances of squid
on the same server. The first one is on the internet front and binds
only SquidGuard running with no_cache mode. The second instance uses the
first as parent_proxy, does Active Directory user authentication, binds
Kaspersky per ICAP, bandwith management, cache, etc. It seems to work
well. The only disadvantage is the increased configuration and
administration complexity.
Alex
Received on Tue Jan 08 2008 - 00:20:55 MST
This archive was generated by hypermail pre-2.1.9 : Fri Feb 01 2008 - 12:00:04 MST