[Problem] Squid + HTTP relay (antivirus)


Marsh posted on 25-02-2005 at 11:35:39

Hello,

I am really struggling to get my Squid server working with my Trend server (IMSS -> HTTP antivirus).

My architecture is very simple:
- Users send their HTTP requests to the Squid proxy (port 3128)
- The proxy must relay the requests to the Trend HTTP antivirus gateway (port 8080)
- The antivirus gateway is allowed to go out to the Internet

From a machine on the network, when I set the antivirus server as the Internet gateway, I can browse.
So in my opinion Squid seems to be correctly configured.

However, as soon as I set the proxy address (port 3128) on my client workstation, it does not work.

PS: when the proxy does not redirect to the antivirus gateway, it works and I can browse.

Here is what I added to my /etc/squid.conf

Code:
  # Redirect requests to an external cache -> Trend Micro
  cache_peer 10.10.100.106 parent 8080 0 no-query
  cache_peer_access 10.10.100.106 allow sls_net


 
Here is my /var/log/squid/access.log file

Code:
  RESH_HIT:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://us.i1.yimg.com/us.yimg.com/ [...] i_web2.gif HTTP/1.1" 200 357 TCP_HIT:NONE
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.com/i/eu/hp/t/mess.gif HTTP/1.1" 200 1854 TCP_REFRESH_HIT:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.com/i/eu/hp/t/mon.gif HTTP/1.1" 200 708 TCP_REFRESH_HIT:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.co [...] /can16.gif HTTP/1.1" 200 395 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.co [...] e/frlo.gif HTTP/1.1" 200 3866 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.co [...] /porta.jpg HTTP/1.1" 200 2765 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.co [...] jlo101.jpg HTTP/1.1" 200 3323 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.co [...] /stere.jpg HTTP/1.1" 200 14413 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.co [...] /white.gif HTTP/1.1" 200 2218 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.a1.yimg.com/java.europe [...] fssv004.js HTTP/1.1" 200 2904 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.com/i/de/mu/but2.jpg HTTP/1.1" 200 1071 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://pub.partirpascher.com/RealM [...] places/1123456789/x32/yahoo_marketplaces/img_yahoo_marketplaces/124 HTTP/1.1" 302 695 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://eur.i1.yimg.com/eur.yimg.com/i/fr/sh/tvth.jpg HTTP/1.1" 200 2219 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://pub.partirpascher.com/RealM [...] spacer.gif HTTP/1.1" 200 441 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:20 +0100] "GET http://eur.a1.yimg.com/eur.yimg.co [...] e95x30.gif HTTP/1.1" 200 1352 TCP_REFRESH_HIT:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:20 +0100] "GET http://eur.i1.yimg.com/eur.yimg.co [...] /game2.gif HTTP/1.1" 200 1864 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:46 +0100] "GET http://www.squid.com/ HTTP/1.1" 200 2990 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:46 +0100] "GET http://www.squid.com/rave_photos.gif HTTP/1.1" 200 2333 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:47 +0100] "GET http://www.squid.com/production.gif HTTP/1.1" 200 4780 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:47 +0100] "GET http://www.squid.com/logo.gif HTTP/1.1" 200 16047 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:47 +0100] "GET http://www.squid.com/pics/2004.05. [...] W_8791.jpg HTTP/1.1" 200 4368 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:47 +0100] "GET http://www.squid.com/studio/pics/2 [...] W_8921.jpg HTTP/1.1" 200 2597 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:47 +0100] "GET http://www.squid.com/studio_work.gif HTTP/1.1" 200 2356 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:48 +0100] "GET http://www.squid.com/ticket_sales.gif HTTP/1.1" 200 6669 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:32:58 +0100] "GET http://fr.yahoo.com/r/sx/*-http://fr.search.yahoo.com/search? HTTP/1.1" 0 0 TCP_MISS:NONE
  10.10.200.94 - - [25/Feb/2005:11:33:01 +0100] "GET http://fr.yahoo.com/r/sx/*-http:// [...] om/search? HTTP/1.1" 0 0 TCP_MISS:NONE
  10.10.200.94 - - [25/Feb/2005:11:33:01 +0100] "GET http://fr.yahoo.com/r/mh/my HTTP/1.1" 302 382 TCP_MISS:FIRST_UP_PARENT
  10.10.200.94 - - [25/Feb/2005:11:33:02 +0100] "GET http://fr.my.yahoo.com/ HTTP/1.1" 200 12528 TCP_MISS:FIRST_UP_PARENT


 
Here are the logs on my antivirus
 

Code:
  2005/02/25 11:32:53 GMT-06:00 <3484>  scan_action_info.vsapi_ret=0 ret=0\n
  2005/02/25 11:32:53 GMT-06:00 <3484> >>> info.filetype=2003, vnode->ftype=28
  2005/02/25 11:32:53 GMT-06:00 <3484> Post-scan phase
  2005/02/25 11:32:53 GMT-06:00 <3484> No need to store data anymore.  Enter parallel mode.
  2005/02/25 11:32:53 GMT-06:00 <3484> Set response into parallel transfer mode [952]/[948]
  2005/02/25 11:32:53 GMT-06:00 <3484> Requesting write operation for parallel sending response on [952]
  2005/02/25 11:32:53 GMT-06:00 <3484> RESPONSE_PARALLEL isRecvComplete([948]) 1, isSendComplete([952]) 0
  2005/02/25 11:32:53 GMT-06:00 <3484> DoProcessing returned NEED_MORE_DATA
  2005/02/25 11:32:53 GMT-06:00 <1144> HandleIO called for [952].
  2005/02/25 11:32:53 GMT-06:00 <1144> [952] It's write event.
  2005/02/25 11:32:53 GMT-06:00 <1144> First line : 17 bytes retrieved
  2005/02/25 11:32:53 GMT-06:00 <1144> Header : 365 bytes retrieved
  2005/02/25 11:32:53 GMT-06:00 <1144> outputNormalBody 12071 bytes read, read state 4, Content Length 12071, Offset 12071
  2005/02/25 11:32:53 GMT-06:00 <1144> Normal Body : No more body
  2005/02/25 11:32:53 GMT-06:00 <1144> Body : 12071 bytes retrieved
  2005/02/25 11:32:53 GMT-06:00 <1144> [952] 12453 bytes written.
  2005/02/25 11:32:53 GMT-06:00 <1144> No data written 0
  2005/02/25 11:32:53 GMT-06:00 <1144> DoProcessing
  2005/02/25 11:32:53 GMT-06:00 <1144> RESPONSE_PARALLEL isRecvComplete([948]) 1, isSendComplete([952]) 1
  2005/02/25 11:32:53 GMT-06:00 <1144> Shifted to TRANSACTION_DONE stage
  2005/02/25 11:32:53 GMT-06:00 <1144> Transaction complete
  2005/02/25 11:32:53 GMT-06:00 <1144> Request Connection Keep-Alive : true
  2005/02/25 11:32:53 GMT-06:00 <1144> Response Connection Keep-Alive : false
  2005/02/25 11:32:53 GMT-06:00 <1144> It's not Keep-Alive, so the connection will be closed.
  2005/02/25 11:32:53 GMT-06:00 <1144> DoProcessing returned TRANSACTION_TERMINATED
  2005/02/25 11:32:53 GMT-06:00 <1144> Close server connection [948]
  2005/02/25 11:32:53 GMT-06:00 <1144> [952] Connection state reset
  2005/02/25 11:32:53 GMT-06:00 <1144> [952] Finalizing connection.
  2005/02/25 11:32:53 GMT-06:00 <1144> Closing socket [952]
  2005/02/25 11:33:22 GMT-06:00 <3096> IWSSListenThread : got event signal.\n
  2005/02/25 11:33:22 GMT-06:00 <3096> IWSSListenThread : m_hNetworkEvent signaled.\n
  2005/02/25 11:33:22 GMT-06:00 <3096> Done accepting new connections
  2005/02/25 11:33:52 GMT-06:00 <3096> IWSSListenThread : got event signal.\n
  2005/02/25 11:33:52 GMT-06:00 <3096> IWSSListenThread : m_hNetworkEvent signaled.\n
  2005/02/25 11:33:52 GMT-06:00 <3096> Done accepting new connections
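
Added example, not part of the original post: a small Python triage of a Squid access.log in the layout shown above, separating requests forwarded to a peer (FIRST_UP_PARENT) from local cache hits, failed requests (hierarchy NONE or status 0) and requests fetched DIRECT, which would skip the antivirus gateway. The verdict names, the reading of status 0 as a failure and the last sample line are assumptions of this example; the other sample lines come from the post's log with wrapped lines rejoined.

```python
import re
from collections import Counter

# Layout seen in the post's access.log (httpd-style emulation):
# client - - [time] "METHOD url HTTP/x.y" status bytes RESULT:HIERARCHY
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>.*) HTTP/[\d.]+" '
    r'(?P<status>\d+) (?P<size>\d+) (?P<result>[A-Z_]+):(?P<hier>[A-Z_]+)$'
)

def classify(line):
    """Return (verdict, fields) for one access.log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed", None
    f = m.groupdict()
    if f["hier"].endswith("DIRECT"):
        verdict = "bypassed_parent"   # fetched from the origin, never scanned
    elif f["hier"] == "NONE" and "HIT" in f["result"]:
        verdict = "local_cache"       # answered from Squid's own cache
    elif f["hier"] == "NONE" or f["status"] == "0":
        verdict = "failed"            # nothing forwarded or no reply (assumption)
    else:
        verdict = "via_peer"          # any other hierarchy, e.g. FIRST_UP_PARENT
    return verdict, f

def summarize(lines):
    """Count verdicts and collect the URLs that need attention."""
    counts, flagged = Counter(), []
    for line in lines:
        verdict, f = classify(line)
        counts[verdict] += 1
        if verdict in ("bypassed_parent", "failed"):
            flagged.append((verdict, f["url"]))
    return counts, flagged

SAMPLE = [  # first three from the post (rejoined); the last one is constructed
    '10.10.200.94 - - [25/Feb/2005:11:32:46 +0100] "GET http://www.squid.com/ HTTP/1.1" 200 2990 TCP_MISS:FIRST_UP_PARENT',
    '10.10.200.94 - - [25/Feb/2005:11:32:19 +0100] "GET http://us.i1.yimg.com/us.yimg.com/ [...] i_web2.gif HTTP/1.1" 200 357 TCP_HIT:NONE',
    '10.10.200.94 - - [25/Feb/2005:11:32:58 +0100] "GET http://fr.yahoo.com/r/sx/*-http://fr.search.yahoo.com/search? HTTP/1.1" 0 0 TCP_MISS:NONE',
    '10.10.200.94 - - [25/Feb/2005:11:34:00 +0100] "GET http://example.org/ HTTP/1.1" 200 512 TCP_MISS:DIRECT',
]

if __name__ == "__main__":
    counts, flagged = summarize(SAMPLE)
    print(dict(counts))
    for verdict, url in flagged:
        print(verdict, url)
```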
