ESET Gateway Security
‘Manual Proxy Configuration’. In the last step, one has to fill in the fields ‘HTTP Proxy’ (resp. ‘FTP
Proxy’) with the host name (resp. IP address) and the related ‘Port’ fields with the port on which
esets_http listens (in this example, the IP address ‘192.168.1.10’ and port 8080 shall be specified).
To reread the newly created configuration, reload the ESETS daemon.
Note that the configuration described here is not well suited to networks with a large number of
client computers. In this case the HTTP cache (if any) is present only in the user agent, so the
same source object is scanned multiple times when requested from different user agents.
5.2.2. Manual proxy configuration of Squid Web Proxy Cache
The manual HTTP proxy configuration of esets_http with the Squid Web Proxy Cache is
described in general by the right side of figure 4-2.
The significant difference from the previously described configuration is that ESET
Gateway Security is installed on the HTTP/FTP gateway between the proxy cache (Squid Web Proxy in
this example) and the Internet. Thus all HTTP/FTP responses entering the network are
first scanned for infiltrations and only afterward stored in the network's dedicated cache; i.e., every
source object present in the proxy cache has already been checked for viruses, and no
additional check is necessary when it is requested again.
In this example we configure esets_http to listen on port 8080 of the gateway server with
local network IP address 192.168.1.10 by specifying the following parameters within the [http]
section of the ESETS configuration file:
agent_enabled = yes
listen_addr = "192.168.1.10"
listen_port = 8080
Note that the parameter ‘listen_addr’ can be specified either as the host name visible from the
local network or as the address 0.0.0.0, which lets esets_http listen on all interfaces. In the
latter case one has to be careful, because users outside the local network are then also allowed to
use the HTTP/FTP scanner unless further security steps are taken to prevent it.
In order to set up Squid to use esets_http as a parent proxy, one has to add the following lines
to the Squid configuration file (/etc/squid/squid.conf):
cache_peer 192.168.1.10 parent 8080 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
In the lines above we have set up Squid to use the HTTP proxy listening on IP address
192.168.1.10 at port 8080 as a parent proxy. All requests processed by Squid will thus be passed
to this destination. The rest of the lines define the behavior of Squid to report an error message in
case the parent proxy is down or becomes unreachable. Alternatively, Squid can be set up to try
direct connections when the parent proxy is unreachable. In this case the parameters
to add to the Squid configuration file are as follows:
cache_peer 192.168.1.10 parent 8080 0 no-query
prefer_direct off
To reread the newly created configuration, reload the ESETS daemon.
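The two exposure points in this section (a listen_addr of 0.0.0.0, and a Squid setup that tries direct connections when the parent is unreachable, so those responses never pass through esets_http) can be checked mechanically. The Python sketch below is an added example, not part of the ESET manual or product; the sample files are constructed, and the function names and the treatment of '#' as a comment marker in the ESETS configuration file are assumptions of this example.

```python
import re
# Constructed sample inputs modelled on the settings shown in this section.
ESETS_CFG = '''
[http]
agent_enabled = yes
listen_addr = "0.0.0.0"
listen_port = 8080
'''
SQUID_CONF = '''
cache_peer 192.168.1.10 parent 8080 0 no-query
prefer_direct off
'''

def esets_http_section(text):
    """Return the key/value pairs of the [http] section of an ESETS-style file."""
    section, values = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
        elif section == "http" and "=" in line:
            key, val = line.split("=", 1)
            values[key.strip()] = val.strip().strip('"')
    return values

def audit(esets_text, squid_text):
    """Return findings for the two exposure points this section describes."""
    findings = []
    if esets_http_section(esets_text).get("listen_addr") == "0.0.0.0":
        findings.append("esets_http listens on all interfaces: bind it to the "
                        "local address or filter the port at the firewall")
    directives = [l.split() for l in squid_text.splitlines()
                  if l.strip() and not l.lstrip().startswith("#")]
    # cache_peer syntax: cache_peer <host> <type> <http-port> <icp-port> [options]
    parents = [d for d in directives
               if d[0] == "cache_peer" and len(d) > 2 and d[2] == "parent"]
    fail_closed = any(d[:3] == ["never_direct", "allow", "all"] for d in directives)
    if not parents:
        findings.append("squid has no parent proxy: responses are not scanned")
    elif not fail_closed:
        findings.append("squid may connect directly when the parent is "
                        "unreachable: those responses bypass esets_http")
    return findings

if __name__ == "__main__":
    for finding in audit(ESETS_CFG, SQUID_CONF):
        print("WARN:", finding)
```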