Search squid archive

[squid-users] Cache_peer problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

We are using squid in conjunction with trend micro's IWSS.

The documentation outlines how to do this, clients contact IWSS and 
IWSS uses squid as an upstream proxy server.  For reporting reasons,
We want to do it the other way around, IWSS are to general for us, 
Authentication is done vie NTLM.

IWSS is running on 8080 and squid on 3128, same box.
IWSS is not an ICP proxy and thus the squid doco led me to the following
Cach_peer statement:
cache_peer 127.0.0.1 parent 8080 7 no-query default

Without the no-query and default statements I end up with TIMEOUT_DIRECT
warnings.

Now all this works ok, except when IWSS detects a virus, in which case,
squid 
Ignore the 403 returned and goes direct instead of displaying the error
message

1108522791.283     59 172.16.8.59 TCP_MISS/200 886 GET
http://www.trendmicro.com/global/en/images/topnav/tn-partners-over.gif
aclark DEFAULT_PARENT/127.0.0.1 image/gif
1108522791.287     57 172.16.8.59 TCP_MISS/200 754 GET
http://www.trendmicro.com/global/en/images/topnav/tn-about-over.gif
aclark DEFAULT_PARENT/127.0.0.1 image/gif
1108522825.301    141 172.16.8.59 TCP_MISS/200 391 GET
http://www.trendmicro.com/ftp/products/eicar-file/eicar.com aclark
DIRECT/61.9.129.152 application/octet-stream

I know it is getting a 403 from the IWSS as a packet trace has this in
its data segment:

HTTP/1.1 403 OK
Connection: close
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache
Date: Wed, 16 Feb 2005 01:49:15 GMT
<html><head><title>IWSS Security Event</title></head>
<body><script>  if( typeof( window.innerWidth ) == 'number' ) {if
(window.innerWidth < 10 || window.innerHeight < 10)
{self.resizeTo(700,600);}}else if (document.body &&
(document.body.clientWidth < 10 || document.body.clientHeight < 10))
{self.resizeTo(700, 600);}</script><h1><h1>IWSS Security Event
(pthalo.ngv.vic.gov.au)</h1></h1>
Access to this URL is currently restricted due to a blocking
rule.<BR><BR>URL:
<B>http://www.trendmicro.com/ftp/products/eicar-file/eicar.com</B><BR>Ru
le: Block URLs of type <B>Virus infected temporary block</B><P>If you
feel you have reached this message in error, please contact your network
administrator.
</body></html>

Is this the appropriate method for what we need out of our caching/virus
system?

Adam
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux