havpAntivirus: HTTP proxy (havp + clamav)Status0.88_03/usr/local/pkg/havp.inchavphavp.shhavpAntivirus HTTP proxy Servicehttp://www.pfsense.com/packages/config/havp/havp.inc/usr/local/pkg/0755http://www.pfsense.com/packages/config/havp/havp_fscan.xml/usr/local/pkg/0755http://www.pfsense.com/packages/config/havp/havp_avset.xml/usr/local/pkg/0755HTTP proxy/pkg_edit.php?xml=havp.xml&id=0Files Scanner/pkg_edit.php?xml=havp_fscan.xml&id=0Settings/pkg_edit.php?xml=havp_avset.xml&id=0EnableenableCheck this for enable proxy.checkboxProxy modeproxymode
Select interface mode: <br>
<b> standard </b> - client(s) bind to the 'proxy port' on selected interface(s); <br>
<b> parent for squid </b> - configure HAVP as parent for Squid proxy;<br>
<b> transparent </b> - all 'http' requests on interface(s) will be translated to the HAVP proxy server without any client(s) additional configuration necessary (worked as 'parent for squid' with 'transparent' Squid proxy); <br>
<b> internal </b> - HAVP listen internal interface (127.0.0.1) on 'proxy port', use you own traffic forwarding rules.<br>
selectstandardProxy interface(s)proxyinterfaceThe interface(s) for client connections to the proxy. Use 'Ctrl' + L.Click for multiple selection.interfaces_selectionlanProxy portproxyport
This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy.
input103125Parent proxyparentproxy
Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty.
input90Enable X-Forwarded-Forenablexforwardedfor
If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons.
<br>Enable this if you use your own parent proxy after HAVP, so it will see the original client IP.
<br>Disabling this also disables Via: header generation.
checkboxEnable Forwarded IPenableforwardedip
If HAVP is used as parent proxy by some other proxy, this allows to write the real users IP to log, instead of proxy IP.
checkboxLanguagelangSelect the language in which the proxy server will display error messages to users.selectenMax download size, BytesmaxdownloadsizeEnter value (in Bytes) or leave empty. Downloads larger, than 'Max download size' will be blocked. Only if not Whitelisted!input10HTTP Range requestsrange
Set this for allow HTTP Range requests, and broken downloads can be resumed.
Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
Whitelisted sites are allowed to use Range in any case.
checkboxWhitelistwhitelist
Enter each destination url on a new line that will be accessable to the users without scanning.
Use '*' symbol for mask. Example: *.pfsense.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc
textarea605base64BlacklistblacklistEnter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.textarea605base64Block file if error scanningfailscanerrorIf set, the proxy will block the files on which an error scanning.checkboxEnable RAM Diskenableramdisk
This option allow use RAM Disk for HAVP temp files for more quick traffic scan.
Ram Disc size depend from 'ScanMax file size and avialable memory.
This option can be ignored in VMVare or on 'low system memory'.
( RAM Disk size calculated as [1/4 avialable system memory] > [Scan max file size] * 100 )
checkboxScan max file sizescanmaxsize
Select this value for limit maximum file size or leave '---(5M)'.
Files larger than this limit won't be scanned.
Small values increace scan speed and maximum new connections per second and allow RAM Disk use.
<br>
NOTE: Setting limit is a security risk, because some archives like
ZIP need all the data to be scanned properly! Use this only if you
can't afford temporary space for big files.
select0Scan imagesscanimgCheck this for scan image files.checkboxSyslogsyslogCheck this for enable Syslog.checkboxLoglogCheck this for enable log.checkbox
havp_before_form(&$pkg);
havp_validate_settings($_POST, &$input_errors);
havp_resync();