FTP traffic can be transferred through Dr.Web ICAPD only when Squid proxy server is used. If you need to scan both HTTP and FTP traffic, implement one of the two schemes, mentioned below:
1.Chain of two Squid proxy servers.
2.Chain of Frox FTP proxy server, which converts FTP to HTTP, and Squid proxy server.
Figure 17. HTTP and FTP traffic scanning schemes
1.Chain of two Squid proxy servers (Squid-Squid)
All traffic, both HTTP and FTP, is treated as HTTP by the second proxy server (Squid-2) as Squid-1 converts FTP traffic to HTTP (and back). Thus, all transmitted traffic is checked by Dr.Web ICAPD. To implement this scheme, do the following:
1.Install two independent Squid proxy servers (Squid-1 and Squid-2) in different directories;
2.Adjust the http_port parameter value for Squid-1 by setting a new port number (for example, 3129). It must differ from the default value;
3.Configure Squid-2 to enable interaction with Dr.Web ICAPD as described above;
4.Configure Squid-2 to enable interaction with Squid-1 as follows:
cache_peer localhost parent 3129 3130 default connect-timeout=80000
where:
•3129 – number of the port used by Squid-1
•localhost – host where Squid-1 is installed
•80000 – timeout for interaction between Squid-2 and Squid-1. This value must be large enough to provide correct interaction between the proxy servers.
5.Configure clients to operate via Squid-2 using both the HTTP and FTP protocols.
6.Start both Squid proxy servers and Dr.Web ICAPD.
2.Chain of Frox and Squid proxy servers
HTTP and FTP traffic is checked by Dr.Web ICAPD: Frox converts FTP traffic to HTTP and transmits it to the Squid proxy server, thus, Squid treats them both as HTTP traffic. To implement this scheme, do the following:
1.Install Frox and Squid proxy servers;
2.Configure Frox to transmit data to Squid as HTTP traffic (FTP traffic from all FTP clients is registered as HTTP traffic transmitted by Frox);
3.Configure Squid to enable interaction with Dr.Web ICAPD, as described above;
4.Configure clients to operate with the Squid proxy server via the HTTP protocol, and with the Frox proxy server via the FTP protocol;
5.Start both proxy servers (Squid and Frox) and Dr.Web ICAPD.