[squid-users] Re: Securing squid3

From: babajaga <augustus_meyer_at_yahoo.de>
Date: Thu, 14 Feb 2013 08:12:19 -0800 (PST)

Then its more a question how to setup iptables, the clients and HAVP.
However, why HAV first ?
This has the danger of squid caching infected files. And HAV will scan
cached files over and over again.
Then squid will be an upstream proxy of HAV. IF HAV supports parent proxies,
then squid should have no problem.
But this then either needs a proxy.pac for the clients browsers or explicit
proxy config for the clients browsers.
This would be the easier path. When this works, then to think about using
ipt with explicit routing of all packets to HAV-box. And back, so you have
to consider NAT. I am not fit enough in ipt, so I would keep it simple:

client-PC-----squid-----HAV------web

And the transparent setup for squid is well documented.

PS: Grafik ist etwas klein :-)

--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Securing-squid3-tp4658495p4658501.html
Sent from the Squid - Users mailing list archive at Nabble.com.
Received on Thu Feb 14 2013 - 16:12:22 MST

This archive was generated by hypermail 2.2.0 : Thu Feb 14 2013 - 12:00:05 MST