[squid-users] multiple redirector ACL

2010-03-31 Thread Stefan Reible

Hi,

I'm running squidclamav and squirm with viralator.

For Firefox users I will use squirm and for tools like wget the full  
transparent squidclamav.


Both tools are working. How can I solve this problem?

My ideas are for squid.conf:
Can I cat if the client uses Firefox?
Can I switch between redirectors with the help of the client IP?

My ideas for redirector:
Simple script which reads the client ip and forwards to the right  
redirector. Do you have something like that?


Thank you,

Stefan



Re: [squid-users] squid 3.0.19 + transparent + sslbump

2010-03-24 Thread Stefan Reible

Quoting Amos Jeffries squ...@treenet.co.nz:


Leonardo Carneiro - Veltrac wrote:


Amos Jeffries wrote:

Some factums worth knowing:

* 3.0 does not support sslBump or any other form of HTTPS  
man-in-middle attacks. 3.1 is required for that.


* sslBump in 3.1 requires that the client machines all have a CA  
certificate installed to make them trust the proxy for decryption.


* sslBump requires clients to be configured for using the proxy.  
(Some of the 'transparent' above work this way some do not.)


Amos
Hi Amos. What is the advantage of using sslBump if I cannot use a transparent proxy with it? Is it the ability to cache SSL content?

Tks in advance.


Somewhat. Mostly for corporate networks AV scanning or filtering  
HTTPS connections.


Amos
--
Please be using
  Current Stable Squid 2.7.STABLE8 or 3.0.STABLE25
  Current Beta Squid 3.1.0.18



Transparent https is working with squid 3.1.0.15_beta-r1.
By transparent I mean that the browser requests will be routed to squid without any configuration.


iptables:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.1:3129


squid.conf:
http_port 127.0.0.1:3128
http_port 192.9.200.32:3128 transparent
https_port 192.9.200.32:3129 transparent sslBump cert=/etc/squid/ssl_cert/proxy.testdomain.deCert.pem key=/etc/squid/ssl_cert/private/proxy.testdomain.deKey_without_Pp.pem


The only problem I have is that the browser gives warnings, because the certificate doesn't match the domain!


Could I get other problems with cookies or something else?

Can I run this squid version in a production environment?

Now I will test it for some hours..

Regards,
Stefan





[squid-users] squid 3.0.19 + transparent + sslbump

2010-03-23 Thread Stefan Reible

Hi,

I want to use https with the viralator (http is working).
I'm prerouting Port 80 to Port 3128 for http.

Is there an option like https_port in my version?

Now I want to set the following option in squid.conf:

http_port 3128 sslBump cert=/etc/squid/ssl_cert/proxy.testdomain.deCert.pem key=/etc/squid/ssl_cert/private/proxy.testdomain.deKey_without_Passphrase.pem


but I get:

squid1 ~ # squid -D
FATAL: Bungled squid.conf line 9: http_port 3128 sslBump cert=/etc/squid/ssl_cert/proxy.testdomain.deCert.pem key=/etc/squid/ssl_cert/private/proxy.testdomain.deKey_without_Pp.pem

Squid Cache (Version 3.0.STABLE19): Terminated abnormally

The squid should run in transparent mode.

Thank you very much for viralator support, it's very nice ;)

Stefan



[squid-users] squid, squirm, clamav, viralator 0.9.8, Invoked with the arguments

2010-03-19 Thread Stefan Reible

Hey,

I am using squid 3.0.19 with squirm 1.23, clamav 0.95.3, viralator  
0.9.8 from svn and mozilla firefox with configured proxy.


If I enter the following URL in Firefox:

http://squid1.testdomain.de/cgi-bin/viralator.cgi?action=http://putty.very.rulez.org/latest/x86/putty.exe

I get this output:


squid1 log # tail -f viralator.log

2010/03/19 13:47:28 INFO viralator.cgi: 1637 main::config_app - Reading configuration file /etc/viralator/viralator.conf
2010/03/19 13:47:28 INFO viralator.cgi: 1668 main::config_app - Configuration file was read successfully
2010/03/19 13:47:28 DEBUG viralator.cgi: 1679 main::config_app - Values recovered from configuration file

popupwidth - 600
filechmod - 0644
popupback - false
maximum_size - 1689600
css_file - style.css
virusscanner - clamdscan
dirmask - 0022
scannersummary - true
scannerpath - /usr/bin
progress_indicator - progress.png
downloadsdir - /downloads
default_language - english.txt
alert - FOUND
downloads - /var/www/localhost/htdocs/downloads
lang - en-US
viruscmd - --verbose --stdout
secret - sdfjkjk438sdfh234Hasdh73
charset - ISO-8859-1
skip_downloads - true
popupheight - 400
popupfast - false
progress_unit - bar.png
2010/03/19 13:47:28 INFO viralator.cgi: 1683 main::config_app - Testing configuration values
2010/03/19 13:47:28 INFO viralator.cgi: 1717 main::config_app - Configuration is OK
2010/03/19 13:47:28 INFO viralator.cgi: 1731 main::config_lang - Trying to read language file /etc/viralator/languages/english.txt
2010/03/19 13:47:28 INFO viralator.cgi: 1755 main::config_lang - Language file read successfully
2010/03/19 13:47:28 INFO viralator.cgi: 101 main:: - Client 192.9.200.32 connected to Viralator
2010/03/19 13:47:28 INFO viralator.cgi: 140 main:: - Charset is defined as ISO-8859-1
2010/03/19 13:47:28 INFO viralator.cgi: 156 main:: - Presenting initial page to user
2010/03/19 13:47:28 DEBUG viralator.cgi: 162 main:: - Parameters received action
2010/03/19 13:47:28 DEBUG viralator.cgi: 1356 main::test_param - Invoked with the arguments: action, http://putty.very.rulez.org/latest/x86/putty.exe
2010/03/19 13:47:28 ERROR viralator.cgi: 676 main::error - Invalid value for action parameter: http://putty.very.rulez.org/latest/x86/putty.exe - requested by 192.9.200.32


And when I enter the URL normally:

http://putty.very.rulez.org/latest/x86/putty.exe

I get:

()
2010/03/19 13:49:16 INFO viralator.cgi: 1683 main::config_app - Testing configuration values
2010/03/19 13:49:16 INFO viralator.cgi: 1717 main::config_app - Configuration is OK
2010/03/19 13:49:16 INFO viralator.cgi: 1731 main::config_lang - Trying to read language file /etc/viralator/languages/english.txt
2010/03/19 13:49:16 INFO viralator.cgi: 1755 main::config_lang - Language file read successfully
2010/03/19 13:49:16 INFO viralator.cgi: 101 main:: - Client 192.9.200.32 connected to Viralator
2010/03/19 13:49:16 INFO viralator.cgi: 140 main:: - Charset is defined as ISO-8859-1
2010/03/19 13:49:16 INFO viralator.cgi: 156 main:: - Presenting initial page to user
2010/03/19 13:49:16 DEBUG viralator.cgi: 162 main:: - Parameters received url
2010/03/19 13:49:16 DEBUG viralator.cgi: 1356 main::test_param - Invoked with the arguments: url, http://putty.very.rulez.org/latest/x86/putty.exe
2010/03/19 13:49:16 INFO viralator.cgi: 197 main:: - No referer is available
2010/03/19 13:49:16 DEBUG viralator.cgi: 1459 main::WinOpen - Invoked with the arguments: http://192.9.200.32/cgi-bin/viralator.cgi?action=popupfileurl=http://putty.very.rulez.org/latest/x86/putty.exe, 1269002956, width=600,height=400,scrollbars=1,resize=no


The download button didn't work. Here is my squirm.patterns:

abortregexi ^http://192.9.200.32.* # e.g. (^http://192\.168\.100\.1/.*)
abortregexi ^http://squid1.testdomain.de.*
regexi ^(.*\.zip)$ http://192.9.200.32/cgi-bin/viralator.cgi?url=\1
regexi ^(.*\.exe)$ http://192.9.200.32/cgi-bin/viralator.cgi?url=\1

squirm match log:

Fri Mar 19 13:49:16 2010:http://putty.very.rulez.org/latest/x86/putty.exe:http://192.9.200.32/cgi-bin/viralator.cgi?url=http://putty.very.rulez.org/latest/x86/putty.exe


My viralator config:

default_language - english.txt
charset - ISO-8859-1
lang - en-US
servername -
proxy_address -
proxy_port -
maximum_size - 1689600
virusscanner - clamdscan
scannerpath - /usr/bin
viruscmd - --verbose --stdout
alert - FOUND
scannersummary - true
downloads - /var/www/localhost/htdocs/downloads
skip_downloads - true
downloadsdir - /downloads
()




I can't find an error in my config. I'm running the whole system under Gentoo Linux, and in the future the proxy server will be in transparent mode. Squid and squirm are running as user squid.


Regards, Stefan
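
Added example, not part of the original message and not squirm's own code: a simplified Python model of how the squirm.patterns rules posted above are applied to a redirector request line. It assumes an abort rule stops matching and that a blank reply leaves the URL unchanged; STRICT_RULES and the sample request lines are constructed for illustration, and show that the unescaped abort patterns also match hosts other than the proxy, whose downloads are then never redirected to viralator.

```python
import re

VIRALATOR = r"http://192.9.200.32/cgi-bin/viralator.cgi?url=\1"
# Rules as posted in squirm.patterns above, in file order.
POSTED_RULES = [
    ("abort", r"^http://192.9.200.32.*", None),
    ("abort", r"^http://squid1.testdomain.de.*", None),
    ("rewrite", r"^(.*\.zip)$", VIRALATOR),
    ("rewrite", r"^(.*\.exe)$", VIRALATOR),
]
# Assumption: tightened abort rules (dots escaped, host closed with "/"),
# in the style of the escaped pattern quoted in the file's own comment.
STRICT_RULES = [
    ("abort", r"^http://192\.9\.200\.32/.*", None),
    ("abort", r"^http://squid1\.testdomain\.de/.*", None),
] + POSTED_RULES[2:]

# Constructed request lines in the "URL client_ip/fqdn ident method" format.
DOWNLOAD = "http://putty.very.rulez.org/latest/x86/putty.exe 192.9.200.123/- - GET"
LOOPBACK = ("http://192.9.200.32/cgi-bin/viralator.cgi?url="
            "http://putty.very.rulez.org/latest/x86/putty.exe 192.9.200.32/- - GET")
LOOKALIKE = "http://squid1.testdomain.de.example.net/tool.exe 192.9.200.123/- - GET"


def redirect(line, rules):
    """Return the reply for one request line; "" means leave the URL as is."""
    fields = line.split()
    if not fields:
        return ""
    url = fields[0]
    for kind, pattern, target in rules:
        match = re.search(pattern, url, re.IGNORECASE)  # regexi = ignore case
        if match is None:
            continue
        if kind == "abort":
            return ""  # abort rule: stop matching, no rewrite
        return match.expand(target)
    return ""


if __name__ == "__main__":
    for sample in (DOWNLOAD, LOOPBACK, LOOKALIKE):
        for name, rules in (("posted", POSTED_RULES), ("strict", STRICT_RULES)):
            print(name, repr(redirect(sample, rules)))
```

The rewrite produced for the putty.exe request is the same target URL recorded in the squirm match log above.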



Re: [squid-users] transparent squid + clamav + https

2010-03-17 Thread Stefan Reible


Hi,

I have configured the viralator. But I have some problems with the redirector.
When I run /opt/squirm/bin/squirm as user squid by hand, I get the  
following text:


squid1 logs # tail -f squirm.info
Wed Mar 17 15:33:19 2010:processing configuration file [/opt/squirm/etc/squirm.conf]
Wed Mar 17 15:33:19 2010:Reading patterns from file /opt/squirm/etc/squirm.patterns

Wed Mar 17 15:33:19 2010:Squirm (PID 10474) started

Then when I enter a URL in the running squirm like:

http://putty.very.rulez.org/latest/x86/putty.exe 192.9.200.123/- - GET
or
http://putty.very.rulez.org/latest/x86/putty.exe 127.0.0.1/- - GET

I get no output (only an empty row).

When I run squirm as root, it is the same, but on stdout:

squid1 bin # ./squirm
Squirm running as UID 0: writing logs to stderr
Wed Mar 17 15:36:42 2010:processing configuration file [/opt/squirm/etc/squirm.conf]
Wed Mar 17 15:36:42 2010:Reading patterns from file /opt/squirm/etc/squirm.patterns

Wed Mar 17 15:36:42 2010:Squirm (PID 10477) started
http://putty.very.rulez.org/latest/x86/putty.exe 192.9.200.123/- - GET

http://putty.very.rulez.org/latest/x86/putty.exe 127.0.0.1/- - GET

My squirm folder:

squid1# ls -al /opt/squirm/etc/
total 40
drwxrwx--- 2 root squid  4096 Mar 17 15:29 .
drwxr-xr-x 5 root bin    4096 Mar 16 11:11 ..
-rw-r--r-- 1 root root  12288 Mar 17 15:29 .squirm.conf.swp
-rw-r--r-- 1 root root   1186 Mar 17 15:17 backup.tar.gz
-rw-r--r-- 1 root root   1168 Mar 17 14:46 squirm.conf
-rw-rw 1 root squid  1064 Mar 17 15:18 squirm.conf.dist
-rw-r--r-- 1 root root   1139 Mar 17 15:13 squirm.patterns
-rw-rw 1 root squid   682 Mar 17 15:18 squirm.patterns.dist

cat squirm.conf:

# squid's IP is 192.9.200.32/24
begin
network 192.9.200.0/24
log logs/match.log
abort-log logs/abort.log
pattern squirm.patterns get
end

begin
network 127.0.0.0/24
log logs/private-match.log
abort-log logs/private-abort.log
pattern squirm.patterns get
end

cat squirm.patterns:
abortregexi (^http://192.9.200.32.*)
abortregexi (^http://squid1.testingdomain.de.*)
regexi (^.*\.zip$) http://192.9.200.32/cgi-bin/viralator.cgi?url=|\1
regexi (^.*\.doc$) http://192.9.200.32/cgi-bin/viralator.cgi?url=|\1
regexi (^.*\.exe$) http://192.9.200.32/cgi-bin/viralator.cgi?url=|\1

So there is only the squirm.info in the log folder, nothing else.
The viralator seems to be working, but there is no entry about squirm in the logs.
Can I test the viralator.cgi with parameters from bash or a web browser?

Thanks, Stefan




[squid-users] transparent squid + clamav + https

2010-03-15 Thread Stefan Reible

Hi,

For my exam I want to set up a transparent proxy with http and https under Gentoo Linux.


The transparent http proxy with clamav is working very nicely, but now I have problems with the implementation of ssl. My first idea was to break down the encryption at the squid, and then create a new one.


http://wiki.squid-cache.org/Features/SslBump

Is this possible? I think the problem is that if someone opens an https encrypted website like https://google.de he gets the certificate from the proxy in his browser, not from the webserver. This wouldn't be so fine..


Do you have any solutions, information or ideas for this problem?

Thanks, Stefan

PS: I have a second problem with downloading big files: is it possible to send any info about the download progress to the web browser? Like opening an ajax script or something else.