Integration with Squid Proxy Server
1) Configuring Dr.Web ICAPD

To integrate Dr.Web ICAPD with an HTTP proxy server, review the current parameter values in the Dr.Web ICAPD settings section (the [ICAPD] section) and change them if necessary:

• In the ListenAddress parameter, specify the address of the network socket (<IP address>:<port>) on which Dr.Web ICAPD will listen for connections from an HTTP proxy server (by default, the 127.0.0.1:1344 socket is used).
• In the Block* parameters, enable or disable blocking of the respective website categories and threat types by Dr.Web ICAPD.
• If required, use the WhiteList and BlackList parameters to define the websites that must not be blocked and the websites that must be blocked. Note that the BlackList parameter has higher priority than the WhiteList parameter: if the same website is included in the values of both parameters, access to this website will be blocked.
• To configure access to websites in a more fine-grained way (on the basis of various conditions), you can also edit the scanning rules.

After all settings are adjusted, restart Dr.Web for UNIX Internet Gateways (use the command drweb-ctl reload). You can also restart the configuration daemon Dr.Web ConfigD (use the drweb-configd restart command).

2) Configuring Squid

To enable interaction between Squid and Dr.Web ICAPD, edit the squid.conf configuration file (usually located in /etc/squid3/) to allow using ICAP. To configure Squid, set the following parameters:

1. Enabling Squid to use ICAP.
2. Registering Dr.Web ICAPD as the ICAP service used by Squid.
3. Enabling the use of the ICAP preview mode (optional).
4. Allowing Squid to transfer clients' data (i.e. the IP address and the user name of a user who has passed authentication at the proxy server) so that it can be used inside the rules of Dr.Web ICAPD (optional).
5. Enabling the support of persistent connections between Dr.Web ICAPD and Squid (optional; using persistent connections is not obligatory, but it increases the performance of the simultaneous use of Squid + Dr.Web ICAPD).

When configuring Squid, remember the following:

• To make Squid check HTTP requests (REQMOD) and HTTP responses (RESPMOD) via ICAP, add two ICAP services of the corresponding types.
• To make Squid use Dr.Web ICAPD as an ICAP service, the address and port specified in icap_service must match the address and port specified in the ListenAddress parameter in the Dr.Web ICAPD settings.
• Dr.Web ICAPD will not work with Squid if the icap_preview_size parameter value is not 0.
• Squid forms the "Client's IP address" and "Username" values automatically and passes them to Dr.Web ICAPD as headers of its ICAP request. The correctness and availability of this data is not guaranteed. Dr.Web ICAPD assumes that the user name and the user's IP address are transferred by the proxy server in the X-Client-Username and X-Client-IP headers, and that only those value encoding methods are used that are defined by default in Squid's settings. For this reason, when configuring Squid, it is recommended that you do not change the parameter values that influence the method of transferring this data (like icap_client_username_encode and icap_client_username_header).
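The constraints listed above, expressed as a check over a squid.conf file. This is an added example and is not part of the Dr.Web documentation; the function names, the sample service names and the ICAP URI paths are assumptions made for the illustration, while the directive names are Squid's own.

```python
import re

def parse_directives(conf_text):
    """Return squid.conf directives as token lists, skipping comments and blanks."""
    lines = (raw.split("#", 1)[0].strip() for raw in conf_text.splitlines())
    return [line.split() for line in lines if line]

def check_icap_integration(conf_text, listen_address="127.0.0.1:1344"):
    """Check a squid.conf against the constraints this page lists; return findings."""
    rows = parse_directives(conf_text)
    last = {r[0]: r[1:] for r in rows}  # the last occurrence of a directive wins
    findings = []
    if last.get("icap_enable") != ["on"]:
        findings.append("icap_enable is not 'on'")
    seen_modes = set()
    for r in rows:
        if r[0] != "icap_service" or len(r) < 4:
            continue
        name, point = r[1], r[2]  # point: reqmod_precache, respmod_precache, ...
        seen_modes.add(point.split("_", 1)[0])
        uri = next((t for t in r[3:] if t.startswith("icap://")), None)
        m = re.match(r"icap://([^/]+)", uri or "")
        # Assumption: both sides are written as a literal <IP address>:<port>.
        if not m or m.group(1) != listen_address:
            findings.append(f"{name}: {uri} does not match ListenAddress {listen_address}")
    for mode in ("reqmod", "respmod"):
        if mode not in seen_modes:
            findings.append(f"no {mode.upper()} icap_service defined")
    # An unset preview size is left to Squid's default and is not judged here.
    if "icap_preview_size" in last and last["icap_preview_size"] != ["0"]:
        findings.append("icap_preview_size must be 0 for Dr.Web ICAPD")
    for d in ("icap_client_username_encode", "icap_client_username_header"):
        if d in last:
            findings.append(f"{d} is set explicitly; the page recommends not changing it")
    return findings

# Constructed sample; service names and ICAP URI paths are illustrative only.
SAMPLE = """\
icap_enable on
icap_service svc_req reqmod_precache bypass=0 icap://127.0.0.1:1344/reqmod
icap_service svc_resp respmod_precache bypass=0 icap://127.0.0.1:1345/respmod
icap_preview_enable on
icap_preview_size 1024   # non-zero
icap_client_username_header X-Auth-User
"""

if __name__ == "__main__":
    print("\n".join(check_icap_integration(SAMPLE)))
```

Pass the ListenAddress value from the [ICAPD] section as listen_address when it differs from the default.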
The list of parameters that can be configured depends on the version of the Squid server that you are using (below you can find the description of configuring the following versions: 3.2 (and later), 3.1, and 3.0). If the strings mentioned below are already in the configuration file, change their values to the specified ones. If the mentioned parameters are already in the file but are commented out, uncomment them. If the required parameters are not in the configuration file, add them to the file, for example, at the end.
For Squid 3.2 and later versions
For Squid 3.1
For Squid 3.0
After changing Squid's settings, restart it.

If necessary, you can limit the size of data that Squid will send for scanning via the ICAP protocol. For this purpose, add to the configuration file a condition that the content of the Content-Length header must satisfy (or not satisfy), for example:
(the condition <name> will be true if the Content-Length header in the server response contains a number larger than 999999). Then the added condition should be used to allow or deny scanning of the server response via the ICAP protocol (the word all must be replaced with the condition name <name> in the parameters of Squid's connection to the external ICAP server). Because the condition in the example above is true when the Content-Length header contains a number larger than 999999, we will use it to deny scanning of the responses for which the condition <name> is true:
After changing Squid's settings, restart it. For details on configuring Squid in a more fine-grained way to restrict scanning of web traffic, see the Squid documentation. See, for example, http://www.squid-cache.org/Doc/.