[squid-users] icap SOPHOS SAVDI and custom errorpage
Amos Jeffries
squid3 at treenet.co.nz
Fri Jan 10 13:28:24 UTC 2020
On 10/01/20 11:37 pm, netadmin wrote:
> squid.conf
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/squid.conf>
Okay, so you have taken the part of David's config which sends traffic
to ICAP, but not the part which generates a custom 403 message for the
client.
That means whatever SAVDI is providing to Squid via ICAP is being
delivered to the end-client.
> access.log
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/access.log>
Notice the "Content-Length: 0" in the response headers delivered to the
client ...
> icap.log
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/icap.log>
> Sophos_SAVDI.log
> <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/Sophos_SAVDI.log>
>
... and in both these the HTTP response given to SAVDI was 184 bytes long.
SAVDI is truncating infected payloads and telling Squid to deliver a
0-length response instead of the infection. So the setup is working fine
- though not with the log entries you were expecting to see.
Amos
More information about the squid-users
mailing list