Manual proxy configuration of Squid

The manual HTTP proxy configuration of esets_http with Squid is illustrated on the right-hand side of Figure 5-2.

The significant difference from the previously described configuration is that ESET Gateway Security is installed on the HTTP/FTP Gateway between the proxy cache (Squid in this example) and the Internet. All inbound HTTP/FTP communications are first scanned for infiltrations and then stored in the dedicated network cache. In other words, all previously requested source objects present within the proxy cache are already checked for viruses and no additional checking is necessary when requested again.

In the following example, esets_http is configured to listen on port 8080 of the gateway server, with a local network IP address of 192.168.1.10, by specifying the following parameters in the [http] section of the ESETS configuration file:

agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080

Note that the parameter ‘listen_addr’ can specify the host name visible from the local network. It can also make esets_http listen on all interfaces, by entering an address of 0.0.0.0. Use caution in the latter case, as users outside the local network would be allowed to use the HTTP/FTP scanner unless additional security is added to prevent this.

To set up Squid to use esets_http as a parent proxy, add the following lines to the Squid configuration file (/etc/squid/squid.conf):

cache_peer 192.168.1.10 parent 8080 0 no-query default
acl all src all
never_direct allow all

If an earlier version of Squid (2.x) is installed, add the following lines to the Squid configuration file instead:

cache_peer 192.168.1.10 parent 8080 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all

In the example above, Squid has been configured to use the HTTP proxy listening at IP address 192.168.1.10 on port 8080 as a parent proxy. All requests processed by Squid will be passed to this destination. The remaining lines are used to configure error message reporting in the event that the parent proxy is down or becomes unreachable. To configure Squid to attempt direct connections when the parent proxy is unreachable, add the following parameters to the Squid configuration file:

cache_peer 192.168.1.10 parent 8080 0 no-query
prefer_direct off

To reread the newly created configuration, reload the ESETS daemon.
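The two settings above with security consequences are a listen_addr of 0.0.0.0 and a Squid configuration without never_direct, which lets Squid fetch objects directly, and therefore unscanned, when the parent is unreachable. The following audit script is an added example, not part of the ESET documentation; the function name audit and the sample configurations are constructed for illustration.

```python
import configparser

def audit(esets_cfg, squid_conf):
    """Return a list of findings for an esets_http + Squid parent-proxy setup."""
    findings = []
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(esets_cfg)
    http = cp["http"] if cp.has_section("http") else {}
    addr = http.get("listen_addr", "").strip('"')
    port = http.get("listen_port", "").strip()
    if http.get("agent_enabled", "no").strip().lower() != "yes":
        findings.append("esets_http agent is not enabled")
    if addr == "0.0.0.0":
        findings.append("listen_addr 0.0.0.0: scanner reachable on all "
                        "interfaces, restrict access with a firewall")

    peers, never_direct_all = [], False
    for raw in squid_conf.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        # cache_peer <host> <type> <http-port> <icp-port> [options]
        if len(tok) >= 4 and tok[0] == "cache_peer" and tok[2] == "parent":
            peers.append((tok[1], tok[3]))
        elif tok == ["never_direct", "allow", "all"]:
            never_direct_all = True
    # A wildcard listener cannot be matched against a peer address.
    if addr != "0.0.0.0" and (addr, port) not in peers:
        findings.append("no cache_peer parent matches %s:%s" % (addr, port))
    if not never_direct_all:
        findings.append("never_direct allow all missing: Squid may fetch "
                        "directly, bypassing the scanner")
    return findings

# Constructed sample inputs mirroring the snippets on this page.
ESETS_OK = '[http]\nagent_enabled = yes\nlisten_addr = "192.168.1.10"\nlisten_port = 8080\n'
ESETS_WILDCARD = '[http]\nagent_enabled = yes\nlisten_addr = "0.0.0.0"\nlisten_port = 8080\n'
SQUID_STRICT = ("cache_peer 192.168.1.10 parent 8080 0 no-query default\n"
                "acl all src all\n"
                "never_direct allow all\n")
SQUID_FALLBACK = ("cache_peer 192.168.1.10 parent 8080 0 no-query\n"
                  "prefer_direct off\n")

if __name__ == "__main__":
    for name, e, s in [("strict", ESETS_OK, SQUID_STRICT),
                       ("wildcard+fallback", ESETS_WILDCARD, SQUID_FALLBACK)]:
        print(name, audit(e, s) or "no findings")
```
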