Search squid archive

Re: transparent squid + clamav + https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



mån 2010-03-15 klockan 12:30 +0100 skrev Stefan Reible:

> The transparent http proxy with clamav ist working very nice, but now  
> i have problems with the implementation of ssl. My first idea was, to  
> break down the encryption at the squid, an then create a new one.
> 
> http://wiki.squid-cache.org/Features/SslBump
> 
> Is this possible? I think the problem is, that if someone opens an  
> https encrypted website like https://google.de he gets the certificate  
> from the proxy in his browser, not from the webserver. This wouldn`t  
> be so fine..

Well, it's the only possibility, othewise the proxy (and clamav) won't
be able to inspect the https traffic.

> PS: I have an secound problem with downloading big files, is it  
> possilbe to send any infos about the download progress to the  
> webbrowser? Like opening an ajax script or something else.

Yes. See the "viralator" mode of c-icap srv_clamav.

The service supports 3 different modes of download management

- Wait with response until scanning have completed
- Send some data of the file while scanning is performed to keep the
client patiently waiting.
- "viralator" mode showing progress while scanning is done, and then
redirecting to a "download" URL when complete

The problem with viralator mode is that it may break some things as it
responds with another response while scanning.

Regards
Henrik


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux