Re: [SQU] Squid + Interscan VirusWall + ACL lists

From: Robert Collins <[email protected]>
Date: Tue, 22 Aug 2000 20:16:08 +1000

That ACL causes Squid to look at the source address for that _connection_,
so your users connecting to the viruswall will all appear to squid as if
they are coming from the same machine..

You need to either
* put viruswall on the other side of squid and let squid talk directly to
the users or
* have viruswall perform the IP source checks or
* put ipfilter or something similar on the machine and have it deny access
to port 8080 except from allowed address's

Rob

----- Original Message -----
From: <Michael.J.Anderson@OSR.treasury.qld.gov.au>
To: <squid-users@ircache.net>
Sent: Tuesday, August 22, 2000 4:36 PM
Subject: [SQU] Squid + Interscan VirusWall + ACL lists

> Hi,
>
> I am currently performing an evaluation of squid together
> with interscan viruswall.
>
> I have come across a problem when I try to implement an
> acl of valid users based upon IP address who then have
> also to supply a username and password to access
> the internet. The acls that I have used to do this are
>
> acl passwd proxy_auth REQUIRED
> acl test_group src "/usr/local/squid/etc/iplist"
> acl all src 0.0.0.0/0.0.0.0
> http_access allow test_group passwd
> http_access deny all
>
> the file /usr/local/squid/etc/iplist contains the following
> entries
>
> 161.143.76.182/255.255.0.0
>
> The interscan virus wall is running on the same Linux box
> as squid and is using port 8080 (squid is running on 2728)
>
> The browser on the client (161.143.76.182) is setup to point to
> port 8080.
>
> What I want to happen is for squid to check if the request is
> coming from 161.143.76.182, and if so then to prompt for
> a username and password.
>
> If the request is not coming from 161.143.76.182 then the user
> should be shown the squid generated error page, instead
> they are prompted for a username and password - which if
> valid will allow them to connect to the net. This in effect allows
> them to circumvent the acl specifing that they must be from
> the .182 address.
>
> I beleive this is caused by the line in the /usr/local/squid/etc/iplist
> file. I have determined this by setting the client to port 2728
> (bypassing the interscan virus wall) and changing the line in
> the iplist file to
>
> 161.143.76.182/255.255.255.255
>
> and everything works as expected - the problem is that when
> I point the client back to using the interscan virus wall port (8080)
> Squid does not accept the client's ip address as being one
> contained in the /usr/local/squid/etc/iplist file (though it is).
>
> I suspect that because the request is first going through the
> virus wall's port before going onto squid, the ip address is
> somehow being altered.
>
> If anyone can give me some advice on how to fix this problem
> can they please reply. Also if I haven't given enough information
> let me know and I can post the relevent details.
>
> Thanks
>
> Michael Anderson
> (michael.anderson@osr.qld.gov.au)
>
>
>
> --
> To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
>
>

--
To unsubscribe, see http://www.squid-cache.org/mailing-lists.html
Received on Tue Aug 22 2000 - 04:11:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:54:57 MST