Proxy Server with Filter Rules
After my first two articles, I don't want to waste too many words today and will simply provide the configuration files.
Requests should pass through the following chain.
SSL-Explorer -> Squid3 -> Privoxy -> Havp (Clamd) -> Internet
Here are my configuration files:
/etc/squid3/squid.conf
http_port 3128
access_log /var/log/squid3/access.log squid
cache_store_log none
acl blockeddomain dstdomain "/etc/squid3/blocked.domains.acl"
acl from_client myport 3128
cache_peer 127.0.0.1 parent 8118 0 no-query no-digest no-netdb-exchange default
cache_peer 94.126.16.233 parent 8080 0 no-query no-digest no-netdb-exchange default
icp_port 0
htcp_port 0
#acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl home_network src 192.168.1.0/24
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# No SSL to havp
cache_peer_access 127.0.0.1 deny CONNECT
# Connections from HAVP go to isp parent proxy (it’s next in the list)
cache_peer_access 127.0.0.1 allow all
# Everything here
cache_peer_access 94.126.16.233 allow all
http_access allow from_client localhost
http_access deny from_client all
http_access allow localhost
http_access allow home_network
http_access deny all
http_reply_access allow all
icp_access allow all
#always_direct allow from_havp
never_direct allow all
cache_dir aufs /var/spool/squid3 812 16 256
maximum_object_size 32768 KB
coredump_dir /var/spool/squid3
shutdown_lifetime 5 seconds
half_closed_clients off
pipeline_prefetch on
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
no_cache deny localhost
no_cache deny CONNECT
no_cache allow all
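Squid checks the http_access lines from top to bottom and stops at the first line whose ACLs all match. The following Python sketch is an added example, not part of the original post: it models the acl and http_access lines of the squid.conf above (the request dict and the helper names are assumptions) and reports which rule decides a given request.

```python
import ipaddress

# http_access rules from the squid.conf above, in file order (first match wins).
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["from_client", "localhost"]),
    ("deny",  ["from_client", "all"]),
    ("allow", ["localhost"]),
    ("allow", ["home_network"]),
    ("deny",  ["all"]),
]

SAFE_PORTS = {80, 443, 563, 70, 210, 280, 488, 591, 777}
SSL_PORTS = {443, 563}

def in_net(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

# ACL definitions from the page, modelled as predicates on a request dict.
ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "localhost": lambda r: r["src"] == "127.0.0.1",
    "home_network": lambda r: in_net(r["src"], "192.168.1.0/24"),
    "from_client": lambda r: r["myport"] == 3128,
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "Safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    "SSL_ports": lambda r: r["port"] in SSL_PORTS,
}

def matches(name, req):
    if name.startswith("!"):
        return not ACLS[name[1:]](req)
    return ACLS[name](req)

def http_access(req):
    """Return (action, rule_number) of the first rule whose ACLs all match."""
    for number, (action, names) in enumerate(RULES, start=1):
        if all(matches(n, req) for n in names):
            return action, number
    return "deny", None  # simplification: the list above always ends in 'deny all'

def request(src, port=80, method="GET", proto="http", myport=3128):
    return {"src": src, "port": port, "method": method, "proto": proto, "myport": myport}
```

Because http_port 3128 is the only listening port, every request matches from_client: a client in 192.168.1.0/24 is denied by rule 6, and the later "http_access allow home_network" line is never reached. Only requests arriving from 127.0.0.1 are served.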
/etc/privoxy/config
user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
logdir /var/log/privoxy
actionsfile standard.action # Internal purpose, recommended
actionsfile global.action # Global default setting for all sites
actionsfile default.action # Main actions file
actionsfile user.action # User customizations
filterfile default.filter
logfile logfile
listen-address 127.0.0.1:8118
toggle 1
enable-remote-toggle 0
enable-remote-http-toggle 0
enable-edit-actions 0
enforce-blocks 0
buffer-limit 4096
forward / 94.126.16.233:8080 # Parent -> HAVP
forwarded-connect-retries 0
accept-intercepted-requests 0
allow-cgi-request-crunching 0
split-large-forms 0
/etc/havp/havp.config
BIND_ADDRESS 94.126.16.233
SOURCE_ADDRESS 94.126.17.223
ENABLECLAMLIB true
ENABLECLAMD false
ENABLEFPROT false
ENABLEAVG false
ENABLEAVESERVER false
ENABLESOPHIE false
ENABLETROPHIE false
ENABLENOD32 false
ENABLEAVAST false
ENABLEARCAVIR false
ENABLEDRWEB false
And the whole thing is set up…