James Tan wrote:
> Hi Amos,
>
> the PoC is for a project involving malware inspection, a personal
> project. I tried to chain 2 Squids as part of solution.
>
> The AV perform the check on the wire before actually allowing Parent
> Squid to get hold of it.
> I.e. Client --> ... ... -> Parent Squid --> AV (inspects HTTP, it it
> is 'infected', do a "TCP Disconnect" as seen on Sysinternals Procmon)
> --> Website
> *There was no "TCP Disconnect" for 'clean' pages.
>
> From what I observe when the client is directly connected to the
> Parent Squid, I got the following message in Parent.
> I am OK with this message in Parent, but how can I let the Child also
> know that and display similar message when Parent got it instead of
> hung?
I suspect you have something like the half_closed_clients setting turned
on or that the child Squid is stuck in a period of re-tries looping to
find a source which will supply the requested information.
FWIW; you are better off using a Squid-3 as the parent with AV
capabilities plugged in directly via the ICAP interface.
Most AV software these days seems to have some form of ICAP server you
can plug Squid into.
This will let either the AV or the parent Squid supply the client with
an nice explanation page about what and why the request was aborted.
Amos
-- Please be using Current Stable Squid 2.7.STABLE9 or 3.1.3Received on Sun May 23 2010 - 13:29:46 MDT
This archive was generated by hypermail 2.2.0 : Sun May 23 2010 - 12:00:32 MDT