[squid-users] kaspersky and ufdbguard

Vacheslav m_zouhairy at skno.by
Thu May 17 12:30:29 UTC 2018


Yeah all that I know, The million dollar question is should I continue blocking it?

-----Original Message-----
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Marcus Kool
Sent: Thursday, May 17, 2018 3:22 PM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] kaspersky and ufdbguard

195.122.177.165 is an IP address of Kaspersky (see whois 195.122.177.165).
ufdbguardd blocks this IP address since it is configured to do so which is indicated by 'https-option', most likely because the config has
    option enforce-https-with-hostname on # default is off.

Marcus


On 17/05/18 08:03, Vacheslav wrote:
> I have this:
> acl {
>     allSystems  {
>        ### EDIT THE NEXT LINE FOR LOCAL CONFIGURATION:
>        pass
> 	   alwaysallow
> 	   # !always-block
> 	    !ms-data-collection
> 	   !adult !security
> 	    !proxies !malware !warez
> 	   !gambling !violence !drugs
>        	  !phishtank !spyware
> 	   chat dating !games religion  finance jobs shops sports travel news
> 	   webmail forum socialnet youtube
>             !webtv webradio audiovideo
> 	   !ads
>             searchengine
> 	   # with "logall on" or "logpass on" it makes sense to have the category "checked" in the ACL.
> 	   any
> 	   # NOTE: ALL categories are part of the ACL for logging purposes.
> 	   # Only when logall is off, one can remove the allowed categories from the ACL.
>     }
> 
> I don't have a similar config acl.
> 
> -----Original Message-----
> From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of Amos Jeffries
> Sent: Thursday, May 17, 2018 1:56 PM
> To: squid-users at lists.squid-cache.org
> Subject: Re: [squid-users] kaspersky and ufdbguard
> 
> On 17/05/18 17:45, Vacheslav wrote:
>> Peace,
>>
>> When I configured Kaspersky to use proxy, I started getting as an example:
>>
>> BLOCK -                10.96.0.104     config     https-option
>> 195.122.177.165:443 CONNECT
>>
>> I have require https hostname. Kaspersky is updating fine.
>>
>> Anyone has an idea what Kaspersky is connecting ?
>>
> 
> That is a custom log format, you have not provided any info about what each field is. So no, we don't have much of a clue what it means.
> 
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
> 
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users




More information about the squid-users mailing list