[squid-users] Re: VirusWall and Squid ACL

Mon, 10 May 2004 10:32:45 -0700

Henrik Nordstrom wrote:
On Fri, 7 May 2004, Norman Zhang wrote:
I have no problem accessing the web directly using VirusWall as my proxy (i.e., http://x.x.x.x:80). But going through Squid (http://x.x.x.x:3128) won't scan the content in VirusWall. Squid will go directly to the internet. This makes make think that Squid is not redirecting to VirusWall as it should be. 

cache_peer 127.0.0.1 parent 80 7 default no-query
acl binaries urlpath_regex -i \.exe$ \.zip$ \.vbs$ \.gz$
cache_peer_access 127.0.0.1 allow binaries
never_direct allow binaries

Looks fine to me, even if it can be done slightly simpler via the always_direct/never_direct directives instead of cache_peer_access..

always_direct deny binaries
never_direct allow all

in addition I find it more easy to understand if the icp port is specified
as 0 when using no-query. This field is not really used then and
mentioning the echo port can be confusing making one think (but not Squid)
that the echo port is used...

Have you run "squid -k reconfigure" or restarted Squid since making the configuration change?

Is there any warnings on "squid -k parse"?

The 2 commands didn't issue any problems.

What does Squid access.log say when you attempt to download some content which should have been sent to the scanner?

/var/log/squid/access.log saids

1084209947.484 1 192.168.22.7 TCP_DENIED/407 2281 GET http://download.com.com/i/dl/fpp/winzip_CNETstatic_120x600.gif - NONE/- text/html
1084209947.563 70 192.168.22.7 TCP_MISS/200 6034 GET http://download.com.com/i/dl/fpp/winzip190x160fpp_02b.gif arkondomain\nzhang DIRECT/216.239.115.131 image/gif
1084209947.669 176 192.168.22.7 TCP_MISS/200 12305 GET http://download.com.com/i/dl/fpp/winzip_CNETstatic_120x600.gif arkondomain\nzhang DIRECT/216.239.115.131 image/gif
1084209994.064 32748 192.168.22.7 TCP_MISS/200 2372978 GET ftp://ftp.download.com/pub/win95/utilities/filecomp/winzip90.exe arkondomain\nzhang DEFAULT_PARENT/127.0.0.1 application/octet-stream

/var/log/iscan/log.2004.05.10 saids,

[EMAIL PROTECTED] squid]# grep winzip /var/log/iscan/log.2004.05.10
05/10/2004 10:25:47 http[12656]: connection from 127.0.0.1, "GET ftp://ftp.download.com/pub/win95/utilities/filecomp/winzip90.exe HTTP/1.0"
05/10/2004 10:26:01 http[12657]: connection from 127.0.0.1, "GET ftp://ftp.download.com/pub/win95/utilities/filecomp/winzip90.exe HTTP/1.0"

I'm not if the data is being scanned.

Regards,
Norman

Reply via email to