[squid-users] squid + sslbump + [c-icap] + [squidclamav/havp] + clamav

From: Alessandro Baggi <alessandro.baggi_at_gmail.com>
Date: Thu, 10 Feb 2011 19:33:19 +0100

Hi list,

For many years I've used squid-2.7-STABLE7 for proxying,
content filtering and virus scanning, but it was not able to scan https
traffic for viruses. Now, compiling a package for my system, I've seen
that in the 3.1.x version there is the ssl-bump option to get https traffic
treated as http traffic.

In my squid.conf I have:

        ...
        ..
        ssl_bump allow localnet
        always_direct allow all

        http_port 172.16.2.8:3128 ssl-bump cert:/etc/squid/cert/cert.crt key=/etc/squid/cert/key.key

My first question is: how can I see if ssl-bump works? In access.log I
always get CONNECT/DIRECT for HTTPS connections. Is this normal, or does my
ssl-bump config not work?

Then, my squidclamav version is 6.x and uses c-icap, and I've configured
squid for icap as:

        icap_enable on
        icap_send_client_ip on
        icap_send_client_username on
        icap_client_username_encode off
        icap_client_username_header X-Authenticated-User
        icap_preview_enable on
        icap_preview_size 1024
        icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
        adaptation_access service_req allow all
        icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
        adaptation_access service_resp allow all

For http connections everything works fine, and with https connections
there is always CONNECT/DIRECT.
On http://wiki.squid-cache.org/Features/SslBump I get:

Squid-in-the-middle decryption and encryption of straight *CONNECT* and
transparently redirected SSL traffic, using configurable client- and
server-side certificates. While decrypted, the traffic can be inspected
using ICAP.

Then at this point ssl-bump must permit squidclamav to see files
(decrypted) over https?

If yes, there is a misconfiguration on my side; can you point me in the right
direction? (If you need my squid.conf I can post it.)

Thanks in advance.
Received on Thu Feb 10 2011 - 18:33:26 MST
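
One way to check the access.log symptom described in the message above, as an added example that is not part of the original post: when a connection is decrypted, Squid logs the individual requests with https:// URLs in addition to the CONNECT, so a destination that only ever shows CONNECT was tunnelled and never reached ICAP. The script assumes Squid's default native log format; the function name and the sample log lines are constructed for illustration.

```python
# Added example: classify HTTPS destinations in a Squid access.log as
# "bumped" (decrypted requests are logged) or "tunnel-only" (just CONNECT).
# Assumes Squid's default native log format:
#   time elapsed client code/status bytes method URL ident hier/peer type
from urllib.parse import urlsplit

# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = """\
1297362799.101    250 172.16.2.20 TCP_MISS/200 3120 CONNECT www.example.com:443 - DIRECT/192.0.2.10 -
1297362799.480    118 172.16.2.20 TCP_MISS/200 5120 GET https://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1297362801.002    300 172.16.2.21 TCP_MISS/200 4096 CONNECT mail.example.org:443 - DIRECT/198.51.100.7 -
1297362802.300     40 172.16.2.21 TCP_MISS/200 900 GET http://www.example.net/ - DIRECT/203.0.113.5 text/html
not a log line
"""

def classify_https(log_text):
    """Return {(client, host): 'bumped' | 'tunnel-only'} for HTTPS traffic."""
    connects, decrypted = set(), set()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # skip truncated or foreign lines
            continue
        client, method, url = fields[2], fields[5], fields[6]
        if method == "CONNECT":
            host, _, port = url.rpartition(":")
            if port == "443":
                connects.add((client, host.lower()))
        elif url.lower().startswith("https://"):
            # A non-CONNECT request logged with an https:// URL normally means
            # Squid handled the request in the clear, i.e. it was bumped.
            host = urlsplit(url).hostname
            if host:
                decrypted.add((client, host))
    result = {key: "tunnel-only" for key in connects}
    result.update({key: "bumped" for key in decrypted})
    return result

if __name__ == "__main__":
    for (client, host), state in sorted(classify_https(SAMPLE_LOG).items()):
        print(f"{client} -> {host}: {state}")
```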
