[squid-users] Issues setting up a proxy for malware scanning

Egoitz Aurrekoetxea egoitz at sarenet.es
Mon Mar 4 17:20:28 UTC 2019


Hi mates! 

I was trying to setup a Squid server for the following matter. I wanted
to have some modified url pointing to my Squid proxy, so that Squid to
be able to connect to destination, scan the content and if all is ok,
return a 3xx to the real URL. For that purpose I use the following
configuration https://pastebin.com/raw/mP73fame . The url redirector in
that config is  https://pastebin.com/p6Usmq75 

I'm facing the two following problems, probably due to not having a
large experience in Squid : 

- I needed the Sophos ICAP service to scan content and see there's no
malware there, before returning a 30X redirect to the real url. 

- https content is not being redirected... I get the following error : 

curl -vv
https://2016.eicar.org.cloud-protection.sarenet.es/download/eicarcom2.zip
*   Trying 172.16.8.41...
* TCP_NODELAY set
* Connected to 2016.eicar.org.cloud-protection.sarenet.es (172.16.8.41)
port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection:
ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol 

Could anyone give us a clue for fixing this two issues?. Is it a
possible configuration?. 

Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190304/4bac0924/attachment.html>


More information about the squid-users mailing list