Hello,
I'm actually trying to scan https web pages for viruses.
I have a working squid 3.5.21 configured for https intercept with ssl bump peek splice (basic) like following :
[...]
ssl_bump peek all
ssl_bump splice all
--
[...]
icap_enable on
adaptation_send_client_ip on
adaptation_send_username on
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all
[...]
I have c-icap, clamd, installed and running correctly.
My problem is the following:
I've an external web server, accessible in both HTTP or HTTPS, in one of its websites, I've put a eicar.com file. When I access it via HTTP, the eicar.com file is correctly blocked, but when I do it over HTTPS, the file is not blocked ... And I don't see why ...
Does peek / splice don't allow icap scanning/filtering ?
Thanks for the help.
Cheers,
do Vale Victor
Ingénieur Systèmes, Réseaux et Sécurité
Ingénieur Systèmes, Réseaux et Sécurité
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
