This article is part of the HOWTO series.

WARNING: This package is relatively new; be sure to try it in a testing environment first.
Anti-virus filtering of web access is now supported through HAVP. See this forum thread for more information.
The package is available to install from System > Packages and you must also install the Squid proxy from the same location.
HAVP issues
Transparent proxy mode
HAVP supports transparent proxy under the following conditions:
- The Squid option Transparent proxy is unchecked. To avoid conflicts, HAVP ignores its own transparent option if Squid is also set as transparent.
- pfSense does not have bridged interfaces ('Transparent on Bridge').
How to set up transparent mode:
- Uncheck Transparent proxy option in the Squid package
- Set HAVP Proxy mode as 'Transparent'
Scanner issues
Why downloading large files is slow
HAVP will load your file in full and then scan it.
To avoid this, set Scan max file size to 100-500 KB.
In 90% of cases viruses are small, so there is no need to scan large files. Large downloadable files and archives can instead be scanned by the antivirus program on the client station.
HAVP and Squid
HAVP can be configured for use as follows, per the package maintainer in the forum thread:
You can choose either of these options - whichever one you prefer.
Scheme: {inet}->[HAVP]->[Squid cache]->{clients}
Setup
Squid:
- Disable upstream proxy (HAVP will also disable it automatically)
HAVP:
- Set the Proxy mode field to Parent for Squid and Save
- Scan Squid cache with Antivirus: File scanner for removing cached viruses.
- If you are planning to use Transparent Proxy mode: Squid transparent on
(do not delete existing Squid Custom Options)
Scheme: {inet}->[Squid cache]->[HAVP]->{clients}
Setup
Squid:
- Transparent Proxy off/unchecked
- Disable X-Forward unchecked
- Disable VIA unchecked
HAVP:
- If you want transparent proxy, select "Transparent" for HAVP Proxy Mode.
- HAVP Parent proxy field (LAN IP:Squid port), e.g. 192.168.0.1:3128
- HAVP forwarded ip checked
How to get real client IPs in the HAVP logs
Typically, when HAVP is used with Squid, the HAVP logs show the address 127.0.0.1 instead of the clients' addresses. To fix this:
Squid:
- Uncheck Disable X-Forward
- Uncheck Disable VIA
- Save
HAVP:
- Check Enable Forwarded IP
- Save
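Why the log shows 127.0.0.1 when Squid sits between the clients and HAVP, and what the forwarded-IP setting changes, as an added illustration (not code from HAVP, Squid or the pfSense package). The function name, the trusted-proxy set and the sample requests are assumptions made for this sketch; it models a scanning proxy that accepts X-Forwarded-For only from the local Squid.

```python
import ipaddress

# Assumption for this sketch: only the local Squid may vouch for a client.
TRUSTED_PROXIES = {ipaddress.ip_address("127.0.0.1")}


def client_ip_for_log(peer_addr, headers, use_forwarded_ip):
    """Return the address to write to the access log.

    use_forwarded_ip models the 'Enable Forwarded IP' checkbox.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not use_forwarded_ip or peer not in TRUSTED_PROXIES:
        # A header sent by an untrusted peer is client-controlled: ignore it.
        return str(peer)
    lowered = {k.lower(): v for k, v in headers.items()}
    hops = [h.strip() for h in lowered.get("x-forwarded-for", "").split(",")]
    hops = [h for h in hops if h]
    # Each proxy appends the address it saw, so the right-most entry is the
    # one written by the trusted proxy; anything left of it came from the client.
    if not hops:
        return str(peer)  # header absent
    try:
        return str(ipaddress.ip_address(hops[-1]))
    except ValueError:
        return str(peer)  # not an address, e.g. the literal "unknown"


# Constructed sample requests: (TCP peer, request headers)
SAMPLES = [
    ("127.0.0.1", {"X-Forwarded-For": "192.168.0.57"}),
    ("127.0.0.1", {"x-forwarded-for": "10.9.9.9, 192.168.0.57"}),  # spoofed prefix
    ("127.0.0.1", {"X-Forwarded-For": "unknown"}),
    ("192.168.0.99", {"X-Forwarded-For": "10.9.9.9"}),  # direct, untrusted peer
]


def demo():
    """Logged address with the option off and on, for every sample."""
    return [(client_ip_for_log(p, h, False), client_ip_for_log(p, h, True))
            for p, h in SAMPLES]


if __name__ == "__main__":
    for (peer, _), (off, on) in zip(SAMPLES, demo()):
        print(f"peer={peer:<13} option off -> {off:<13} option on -> {on}")
```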