Configuring Interaction between Dr.Web ICAPD and Squid

General scheme of interaction between a Squid proxy server, drweb-icapd and a client is as follows:

icapd_scheme_en

Figure 16. General interaction scheme

In this scheme, a client interacts with an HTTP server through a proxy server. The proxy server is a client of the ICAP server (Dr.Web ICAPD). Dr.Web ICAPD module, in turn, is a client of Dr.Web Daemon. Dr.Web ICAPD allows to perform virus scanning (using Dr.Web Daemon) of all HTTP traffic coming from the HTTP server and transmitted by the proxy server via the ICAP protocol. The given scheme does not allow FTP traffic scanning. For details on how to enable scanning of FTP traffic, refer to the Configuring Squid to Scan FTP Traffic section.

Note that HTTPS traffic is not scanned as it is encrypted and cannot be decrypted without the public key of the HTTPS server.

To enable Squid to use Dr.Web ICAPD, edit the squid.conf configuration file (usually located at /usr/local/squid/etc) to allow usage of the ICAP protocol.

For this purpose, uncomment the lines mentioned below and edit the specified default values if necessary. If the lines are not present, add them to the end of the configuration file:

1. Enable usage of the ICAP protocol:

icap_enable on

2. Register new ICAP service:

For Squid 3.0:

icap_service service_1 respmod_precache 0 icap://127.0.0.1:1344/respmod
icap_class class_1 service_1
icap_access class_1 allow all

For Squid 3.1:

icap_service service_1 respmod_precache bypass=0 icap://127.0.0.1:1344/respmod
adaptation_access service_1 allow all

Внимание!

Please note that address and port that are specified in icap_service, must be equal to the corresponding values of BindAddress and BindPort parameters of the Dr.Web ICAPD configuration file.

When ICAP preview mode is enabled, configure additional settings.

3. Enable the ICAP preview mode:

icap_preview_enable on

4. Specify size of the message (in bytes) sent to ICAP preview:

icap_preview_size 0

Внимание!

Note that specifying any value other than 0 for the icap_preview_size parameter when ICAP preview is enabled, as well as specifying any value other than -1 when ICAP preview is disabled has no effect (that is, size of previewed objects currently cannot be adjusted).

5. If necessary, enable logging the IP address of the client that requested resource:

icap_send_client_ip on

6. If necessary, enable persistent connections between drweb-icapd and Squid, which improves performance:

icap_persistent_connections on

Внимание!

respmod-postcache mode is not implemented in the current version of Squid, thus checking of cached content is not possible.