havpAntivirus: HTTP proxy (havp + clamav)Status1.02/usr/local/pkg/havp.inchavphavp.shhavpAntivirus HTTP proxy Servicehttps://packages.pfsense.org/packages/config/havp/havp.inc/usr/local/pkg/0755https://packages.pfsense.org/packages/config/havp/havp_avset.xml/usr/local/pkg/0755https://packages.pfsense.org/packages/config/havp/antivirus.php/usr/local/www/0755General page/antivirus.phpHTTP proxy/pkg_edit.php?xml=havp.xml&id=0Settings/pkg_edit.php?xml=havp_avset.xml&id=0Log/havp_log.phpEnableenableCheck this for enable proxy.checkboxClamAV modeuse_clamd
Select ClamAV running mode:<br>
<b>Daemon</b> - HAVP will use ClamAV as socket scanner daemon. Default option.<br>
<b>Library</b> - HAVP will use ClamAV as loaded library scanner. Note: this mode needs much more memory.<br>
selecttrueProxy modeproxymode
Select interface mode: <br>
<b> standard </b> - client(s) bind to the 'proxy port' on selected interface(s); <br>
<b> parent for squid </b> - configure HAVP as parent for Squid proxy;<br>
<b> transparent </b> - all HTTP requests on interface(s) will be directed to the HAVP proxy server without any client configuration necessary (works as parent for squid with transparent Squid proxy); <br>
<b> internal </b> - HAVP will listen on the loopback (127.0.0.1) on configured 'proxy port.' Use you own traffic forwarding rules.<br>
selectstandardProxy interface(s)proxyinterfaceThe interface(s) for client connections to the proxy. Use 'Ctrl' + L. Click for multiple selection.interfaces_selectionlanProxy portproxyport
This is the port the proxy server will listen on (for example: 8080). This port must be different from Squid proxy.
input103125Parent proxyparentproxy
Enter the parent (upstream) proxy settings as PROXY:PORT format or leave empty.
input90Enable X-Forwarded-Forenablexforwardedfor
If client sent this header, FORWARDED_IP setting defines the value, then it is passed on. You might want to keep this disabled for security reasons.
<br>Enable this if you use your own parent proxy after HAVP, so it will see the original client IP.
<br>Disabling this also disables Via: header generation.
checkboxEnable Forwarded IPenableforwardedip
If HAVP is used as a parent proxy for some other proxy, this allows writing the real user's IP to log, instead of the proxy IP.
checkboxLanguagelangSelect the language in which the proxy server will display error messages to users.selectenMax download size, BytesmaxdownloadsizeEnter value (in Bytes) or leave empty. Downloads larger than 'Max download size' will be blocked if not whitelisted.input10HTTP Range requestsrange
Set this for allow HTTP Range requests, and broken downloads can be resumed.
Allowing HTTP Range is a security risk, because partial HTTP requests may not be properly scanned.
Whitelisted sites are allowed to use Range in any case.
checkboxWhitelistwhitelist
Enter each destination URL on a new line that will be accessable to the users without scanning.
Use '*' symbol for mask. Example: *.github.com/*, *sourceforge.net/*clamav-*, */*.xml, */*.inc
textarea605base64BlacklistblacklistEnter each destination domain on a new line that will be accessable to the users that are allowed to use the proxy.textarea605base64Block file if error scanningfailscanerrorIf set, the proxy will block the files on which an error scanning.checkboxEnable RAM Diskenableramdisk
This option allow use RAM disk for HAVP temp files for more quick traffic scan.
RAM disk size depends on 'ScanMax' file size and available memory.
This option can be ignored on systems with low memory.
( RAM disk size calculated as [1/4 available system memory] > [Scan max file size] * 100 )
checkboxScan max file sizescanmaxsize
Select this value for limit maximum file size or leave '---(5M)'.
Files larger than this limit won't be scanned.
Small values increace scan speed and maximum new connections per second and allow RAM disk use.
<br>
NOTE: Setting limit is a security risk, because some archives like
ZIP need all the data to be scanned properly! Use this only if you
can't afford temporary space for big files.
select0Scan imagesscanimg
Check this for scan image files.
This option allows you to increase reliability, but also slows down the scanning process.
checkboxScan media streamscanstreamCheck this for scan media (audio/video) stream. Use this for additional scan exploits for players.checkboxScan Broken ExecutablesscanbrokenexeCheck this to enable the Heuristic Broken Executable scan.checkboxonLoglogCheck this for enable log.checkboxsyslogSyslogsyslogCheck this for enable Syslog.checkbox
havp_before_form($pkg);
havp_validate_settings($_POST, $input_errors);
havp_resync();
havp_install();
havp_deinstall();