ICAP and Webwasher

The ICAP feature enables the proxy server to use an ICAP server to perform request modification, request satisfaction, or response modification to any request or response.

Re: ICAP and Webwasher

Postby satish7619 » Thu Mar 03, 2005 4:59 pm

Hello,

pls disable rules for the icap module becuase i get this error

No Authorization

Your request for the URL "http://www.cxprotect.com:80/" has been blocked by Webwasher because you have not been authorized and authorization is required.


--------------------------------------------------------------------------------
generated 03/Mar/2005:12:20:59 +0100 by osiris.virusprotect.ch (Webwasher 5.1 Build 1516)
satish7619
 
Posts: 1146
Joined: Thu Apr 15, 2004 3:55 pm
Location: India

Re: ICAP and Webwasher

Postby gafrol » Thu Mar 03, 2005 5:06 pm

I just sent you a PM with access details for the Webwasher GUI. So you can play yourself .

Thanks !
gafrol
 
Posts: 20
Joined: Wed Mar 02, 2005 4:17 pm

Re: ICAP and Webwasher

Postby satish7619 » Thu Mar 03, 2005 6:09 pm

Hello,

How r u planning to use it
user -> safesquid -> webwasherproxy
OR
user -> webwasherproxy -> safesquid
satish7619
 
Posts: 1146
Joined: Thu Apr 15, 2004 3:55 pm
Location: India

Re: ICAP and Webwasher

Postby gafrol » Thu Mar 03, 2005 6:36 pm

user --> safesquid -- webwasher
gafrol
 
Posts: 20
Joined: Wed Mar 02, 2005 4:17 pm

Re: ICAP and Webwasher

Postby satish7619 » Thu Mar 03, 2005 8:01 pm

Hello,

I would advice you to use only the forwading rule to send requests to webwasher proxy.

Disable ICAP rules in safesquid as webwasher proxy has already got the icap services that takes cares of sending request to the ICAP Server.for scanning files for content filtering and scanning.
satish7619
 
Posts: 1146
Joined: Thu Apr 15, 2004 3:55 pm
Location: India

Re: ICAP and Webwasher

Postby gafrol » Thu Mar 03, 2005 8:22 pm

I was hoping that I could use Safesquid to do the user authentication and send the username via ICAP (X-Authenticated-User) to Webwasher in order to map the username to a defined Policy on the Webwasher. Unfortunately Webwasher is not able to do user authentication on the Proxy Level like Safesquid.

rgds
Roland
gafrol
 
Posts: 20
Joined: Wed Mar 02, 2005 4:17 pm

Re: ICAP and Webwasher

Postby gafrol » Thu Mar 03, 2005 10:32 pm

I captured a short session on the Webwasher, with a dump of the comms between Safesquid and Webwasher. I don't see any X-Authenticated-User information in the packets from Safesquid. This is the required information for Webwasher to do the mapping. What I can see is the X-Client-IP information in the packet, although this useless for me.

I really doubt that the ICAP addon module for Safesquid sends this information. Can you confirm that ?

You can download the captured traffic from here:

http://62.75.249.39/traces.tgz

rgds
Roland
gafrol
 
Posts: 20
Joined: Wed Mar 02, 2005 4:17 pm

Re: ICAP and Webwasher

Postby gafrol » Fri Mar 04, 2005 1:08 am

Pls refer also to this interesting document, Section 3.4 and 3.6 :

http://www.i-cap.org


rgds
Roland
gafrol
 
Posts: 20
Joined: Wed Mar 02, 2005 4:17 pm

Re: ICAP and Webwasher

Postby Manish » Sat Mar 05, 2005 8:37 pm

Hi Roland,

What you say, definitely makes sense.
Though, nobody pointed us out that, before!

We were all too busy trying to validate the ICAP module with Symantec / Dr.Web.

Obviously, not many have tried to integrate SafeSquid + Webwasher.
Wow!

We'll SURELY, get it in the next upgrade of the ICAP module.

In the meantime, we could help you - create any policies you had in mind on SafeSquid itself, if it helps.

Btw. are you using PAM authentication on SafeSquid, or ... ?

Thanks for your efforts.
Tell us, if anything else doesn't seem to work the way you wished it to.
:)
Manish
Site Admin
 
Posts: 1318
Joined: Wed Apr 14, 2004 9:09 pm
Location: Mumbai

Re: ICAP and Webwasher

Postby jasonmc » Sat Mar 05, 2005 8:48 pm

The code has been updated to send that header now.

it'll be in the next version, thanks for pointing that out :)
jasonmc
 
Posts: 616
Joined: Thu Apr 15, 2004 7:42 pm
Location: Ontario

Re: ICAP and Webwasher

Postby gafrol » Mon Mar 07, 2005 3:13 am

Somebody had to be the first :wink:

I found a solution without Safesquid, I just had to setup an LDAP Server now it works with just Webwasher (Authentication and policy mapping). Thanks for your patience, and keep up the good work and excellent support !

rgds
Roland
gafrol
 
Posts: 20
Joined: Wed Mar 02, 2005 4:17 pm

Previous

Return to Internet Content Adaptation Protocol (ICAP)

Who is online

Users browsing this forum: No registered users and 1 guest

cron