On 7/12/2012 11:17 PM, Peter H. Lemieux wrote:
This is my first posting. Please be gentle!
I've run Squid in many arrangements but only recently have I been using
the ICAP client to invoke SquidClamAV. I've browsed the wiki and
searched on Google, but I can't seem to figure out how I might use ACLs
to control when a request gets passed to the ICAP server.
We have a Windows server that wants to download an update file from
windowsupdate.com. That file triggers the known ClamAV false positive
W32.Virut.Gen.D-159. I'd like to write an ACL so that objects requested
from this machine's IP address are not passed to the ICAP server but
sent directly to the requesting machine.
I've written lots of ACLs in the past to exempt hosts, URL regexes, and
the like, but I can't seem to figure out how to do this with an ICAP
request. I've looked at the documentation for configuration file
directives like adaptation_access, icap_service, and the like, but I
can't seem to find anything that tells me how to use ACLs with those.
Can anyone point me to some documentation I might read, or suggest some
methods to use ACLs with ICAP?
Thanks!
Peter
use the logic of acls:
##start
#instead of 192.168.0.1 use the machie ip
acl my_machine src 192.168.0.1
icap_service service_av reqmod_precache bypass=0
icap://clamavserver:1344/reqmod
adaptation_access service_av deny my_machine
adaptation_access service_av allow all
##end
That is all
Best Regards,
Elieze
--
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il
