On Tue, 04 Feb 2014 10:29:59 +1300
Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> Try clamav as an ICAP service used by Squid. Whitelisting is done
> either in clamav or in the squid.conf adaptation_access rules. ICAP
> also allows the scanner to "step out" of the transaction at any time
> it determines a pass result (less AV traffic I/O => faster overall
> traffic).
Squidclamav 6.x is c-icap module. I think I am already using it the way
you suggest. Or, if not, can you please me point me to some
documentation?
> For what reasons do you have squidguard in the loop at all?
>
> The model of operation Squid is primarily designed for is a central
> HTTP proxy routing requests to any service necessary to complete the
> transaction.
This is the setup I found well documented, and it does the job for me.
I'd be glad to get the same functionality with squid only. Basically I
need to authenticate all users from Active Directory (which is well
documented in the wiki), authorize them in accordance with AD group
membership (which could be done with external acls i guess), and
redirect them to custom pages in case of some rule violation
(transparent 1x1 gif for ads, custom page which displays info about
reason for block, user, group, ip address etc.).
I hoped to manage this with just squid and c-icap's modules squidclamav
and srv_url_check, or maybe directly with squid's acls, but I didn't
find good documentation about this kind of setup.
Regards,
-- Marko CupaćReceived on Tue Feb 04 2014 - 08:37:33 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 04 2014 - 12:00:04 MST