Archive for April, 2010

Configuring Polipo & HAVP + ClamAV in Ubuntu

April 27, 2010

Polipo very effectively implemented as a web-proxy in a small network (SOHO). The ease, simplicity and speed can be used as an option to replace Squid as a web-proxy. Even so, remain necessary virus-scanner that can act proactively to prevent the entry of the virus while surfing on the internet. In this article, I only gave examples of how to configure Polipo as a web-proxy which is equipped with a collaboration between HAVP & ClamAV as a virus-scanner.

Please follow the steps on the following line.

  1. Information Schema.
                   192.168.0.253:8123
                          ||                      [eth1]
                          ||                        ||
     [Intranet]--------[Polipo]-+-[HAVP]--------[Internet]
         ||                         ||
       [eth0]                   Parent Proxy
    192.168.0.0/24             127.0.0.1:8080
                                    ||
                                    ||
                                 [ClamAV]
  2. Installing Polipo for the first time.

    ~# apt-get install polipo

  3. Installing HAVP, ClamAV and ClamAV update virus databases for the first time.

    ~# apt-get install havp clamav
    ~# freshclam

  4. Make sure the configuration files in “/etc/polipo/config”, at least as the following lines.

    daemonise = true
    proxyAddress = “192.168.0.253”
    allowedClients = 127.0.0.1, 192.168.0.0/24
    proxyName = “kokikode.wordpress.com”
    parentProxy = 127.0.0.1:8080 # HAVP as parent proxy.
    forbiddenFile = /etc/polipo/forbidden # Commonly used to block the ad.
    chunkHighMark = 819200 # If you’ve got plenty of memory, set value is 50331648.
    objectHighMark = 128 # If you’ve got plenty of memory, set value is 16384.
    diskCacheFilePermissions = 0600
    diskCacheDirectoryPermissions = 0700
    diskCacheRoot = /cache1/polipo
    disableLocalInterface = true
    localDocumentRoot = “”
    dnsQueryIPv6 = no
    dnsUseGethostbyname = reluctantly
    censoredHeaders = from, accept-language
    censorReferer = maybe
    dontCacheRedirects = false
    allowedPorts = 1-65535
    tunnelAllowedPorts = 1-65535

  5. Make sure the configuration files in “/etc/havp/havp.config”, at least as the following lines.

    USER havp
    GROUP havp
    DAEMON true
    PIDFILE /var/run/havp/havp.pid
    SERVERNUMBER 20
    MAXSERVERS 100
    ACCESSLOG /var/log/havp/access.log
    ERRORLOG /var/log/havp/havp.log
    USESYSLOG false
    SYSLOGNAME havp
    SYSLOGFACILITY daemon
    SYSLOGLEVEL info
    LOG_OKS true
    LOGLEVEL 1
    SCANTEMPFILE /var/spool/havp/havp-XXXXXX
    TEMPDIR /var/tmp
    DBRELOAD 60
    TRANSPARENT false
    FORWARDED_IP true
    PORT 8080
    BIND_ADDRESS 127.0.0.1
    TEMPLATEPATH /etc/havp/templates/en
    ENABLECLAMLIB true
    CLAMDBDIR /var/lib/clamav
    ENABLECLAMD false
    ENABLEFPROT false
    ENABLEAVG false
    ENABLEAVESERVER false
    ENABLESOPHIE false
    ENABLETROPHIE false
    ENABLENOD32 false
    ENABLEAVAST false
    ENABLEARCAVIR false
    ENABLEDRWEB false

  6. Make sure the rules in the IPTables in this case, at least as the following lines.

    ~# iptables -A INPUT -j ACCEPT -p tcp -i eth0 -s 192.168.0.0/24 –-dport 8123

    *) Polipo default port on 8123.

  7. Restart Polipo and HAVP service.

    ~# /etc/init.d/polipo force-reload
    ~# /etc/init.d/havp force-reload

  8. Please configure your internet browser manually, because Polipo non-transparent proxy.

    HTTP Proxy: 192.168.0.253 – Port: 8123
    HTTPS/SSL Proxy: 192.168.0.253 – Port: 8123

  9. Finish.

Sample configuration above, please be adapted and improvised to suit your needs. In this article, I use Ubuntu Server 8.04 LTS, Polipo 1.0.4, HAVP 0.89, and ClamAV 0.95.3.