Hello, I'm actually trying to scan HTTPS web pages for viruses. I have a working squid 3.5.21 configured for HTTPS intercept with ssl bump peek splice (basic) like the following:

[...]
ssl_bump peek all
ssl_bump splice all
[...]
icap_enable on
adaptation_send_client_ip on
adaptation_send_username on
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[...]

I have c-icap and clamd installed and running correctly.

My problem is the following: I have an external web server, accessible over both HTTP and HTTPS, and on one of its websites I've put an eicar.com file. When I access it via HTTP, the eicar.com file is correctly blocked, but when I do it over HTTPS, the file is not blocked... And I don't see why...

Does peek / splice not allow ICAP scanning/filtering?

Thanks for the help.

Cheers,
--
do Vale Victor
Systems, Network and Security Engineer

_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
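
Added example, not part of the original message: with `splice`, Squid relays the TLS connection without decrypting it, so there is no HTTP request or response to hand to the ICAP service; content scanning requires `bump`. A sketch of the rule change, assuming the intercepting port already carries `ssl-bump` with a signing CA certificate that clients trust (the ACL name `step1` is chosen here):

```conf
# Original rules: TLS is tunnelled untouched, so ICAP never sees the HTTPS payload
# ssl_bump peek all
# ssl_bump splice all

# Peek only at step 1 (client hello / SNI); peeking at step 2 usually rules out bumping
acl step1 at_step SslBump1
ssl_bump peek step1

# Decrypt the remaining traffic so the reqmod/respmod services receive plaintext HTTP messages
ssl_bump bump all
```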