905 Views 8 Replies Latest reply: Dec 18, 2013 11:40 PM by mirbond RSS
georgec Champion 244 posts since
Sep 9, 2010

Feb 15, 2013 7:13 AM

SQUID+ NDLP Prevent

Hi,


Has anyone successfully used NDLP with Squid? And if yes, can you provide the config?

 

Thanks,

George

  • mirbond Newcomer 3 posts since
    Nov 30, 2013
    1. Nov 30, 2013 2:11 PM (in response to georgec)
    Re: SQUID+ NDLP Prevent

    Hi George and everybody !

    Have you found an answer to this question? And if yes, could you please share it?

  • andyclements Apprentice 131 posts since
    Jul 27, 2012
    2. Dec 1, 2013 12:50 AM (in response to georgec)
    Re: SQUID+ NDLP Prevent

    I don't have squid installed with which to test anything, but the SQUID folks have the configuration you should need here.

     

    There will be a few differences.  You will need to substitute the address of your Prevent system where you see localhost.  Also, Prevent uses /REQMOD and /RESPMOD where the SQUID documentation uses /request and /response.

  • mirbond Newcomer 3 posts since
    Nov 30, 2013
    3. Dec 7, 2013 8:54 AM (in response to georgec)
    Re: SQUID+ NDLP Prevent

    I'd be really happy to hear that somebody from the community has already done such an integration. Thanks in advance.

  • mdnramos Apprentice 52 posts since
    Nov 23, 2009
    4. Dec 10, 2013 3:11 PM (in response to mirbond)
    Re: SQUID+ NDLP Prevent

    Hi mirbond,

     

    I would expect that a SQUID deployment may have many specifics for a given environment (things such as SSL bump, user auth and so on), but here are the ICAP lines from my lab which are required to get the ICAP service on SQUID working with NDLP (IP address is just an example):

     

    icap_enable on
    icap_service service_req reqmod_precache 0 icap://1.1.1.1:1344/reqmod
    adaptation_access service_req allow all

     

    That is the working configuration on Squid 3.1.19

     

    Any more detail would require an understanding of the specific requirements for Squid, but the above should be enough to get it working with NDLP Prevent.

     

    You might find it tricky to get ICAP set up and working in the first place in SQUID, but there are plenty of discussions around this in the SQUID forums. It may also help to look for specific info on SQUID for the specific distro you are working with, so you know the specific version that is shipped with the OS and what it supports. Until recently the easiest way to get ICAP working on SQUID was to compile it from source with the required modules.

     

    Hope this helps.

     

    on 10/12/13 21:11:11 GMT

    --------------------------------------------------
    -Marcelo

    McAfee SupportPortal - https://mysupport.mcafee.com/Eservice/Default.aspx

    FAQs for Network DLP - http://kc.mcafee.com/corporate/index?page=content&id=KB77088

    FAQs for Email Gateway 7.x - http://kc.mcafee.com/corporate/index?page=content&id=KB76144

  • vrad Newcomer 2 posts since
    Jan 30, 2013
    5. Dec 16, 2013 2:40 AM (in response to mdnramos)
    Re: SQUID+ NDLP Prevent

    Hi mdnramos

     

    Thanks for your advice.

    We had success with Squid 3.1.19 and NDLP Prevent 9.3 Virtual Appliance.

    But ICAP works properly only if user authentication on Squid is disabled.

    When user auth. is enabled I received "ICAP Server Error".

     

    For the customer, authentication is critical.

     

    Can you provide some instructions on how I can enable Squid & Prevent with user authentication enabled?

     

    p.s.

     

    Info about Squid

     

    >>>> # squid -v
    >>>> Squid Cache: Version 3.1.19
    >>>> configure options:  '--prefix=/usr' '--build=i686-pc-linux-gnu'
    >>>> '--host=i686-pc-linux-gnu''--mandir=/usr/share/man'
    >>>> '--infodir=/usr/share/info''--datadir=/usr/share' '--sysconfdir=/etc'
    >>>> '--localstatedir=/var/lib''--disable-dependency-tracking'
    >>>> '--sysconfdir=/etc/squid''--libexecdir=/usr/libexec/squid'
    >>>> '--localstatedir=/var''--with-pidfile=/var/run/squid.pid'
    >>>> '--datadir=/usr/share/squid''--with-logdir=/var/log/squid'
    >>>> '--with-default-user=squid''--enable-auth=basic,digest,negotiate,ntlm'
    >>>> '--enable-removal-policies=lru,heap'
    >>>>'--enable-digest-auth-helpers=ldap,password'
    >>>>'--enable-basic-auth-helpers=PAM,LDAP,getpwnam,NCSA,MSNT'
    >>>>'--enable-external-acl-helpers=ldap_group,ip_user,session,unix_group'
    >>>> '--enable-ntlm-auth-helpers=fakeauth'
    >>>> '--enable-negotiate-auth-helpers='
    >>>> '--enable-useragent-log''--enable-cache-digests'
    >>>> '--enable-delay-pools'
    >>>> '--enable-referer-log''--enable-arp-acl' '--with-large-files'
    >>>> '--with-filedescriptors=8192''--disable-strict-error-checking'
    >>>> '--without-libcap' '--disable-ipv6''--disable-snmp' '--enable-ssl'
    >>>> '--enable-icap-client' '--disable-ecap''--disable-zph-qos'
    >>>> '--disable-mit' '--disable-heimdal''--enable-storeio=ufs,diskd,aufs'
    >>>> '--enable-linux-netfilter''--disable-linux-tproxy' '--enable-epoll'
    >>>> 'build_alias=i686-pc-linux-gnu''host_alias=i686-pc-linux-gnu'
    >>>> 'CC=i686-pc-linux-gnu-gcc''CFLAGS=-march=native -O2 -pipe
    >>>> -fomit-frame-pointer' 'LDFLAGS=-Wl,-O1-Wl,--as-needed'
    >>>> 'CXXFLAGS=-march=native -O2 -pipe-fomit-frame-pointer'
    >>>>--with-squid=/var/tmp/portage/net-proxy/squid-3.1.19/work/squid-3.1.19

     

    Message was edited by: vrad on 12/16/13 2:40:55 AM CST
  • mdnramos Apprentice 52 posts since
    Nov 23, 2009
    6. Dec 16, 2013 3:59 AM (in response to vrad)
    Re: SQUID+ NDLP Prevent

    Hi vrad,

     

    Are you able to post your squid config here? Obviously you may omit any parts that may be sensitive, but I would be particularly interested in the authentication and ICAP sections.


    --------------------------------------------------
    -Marcelo


  • vrad Newcomer 2 posts since
    Jan 30, 2013
    7. Dec 16, 2013 5:26 AM (in response to mdnramos)
    Re: SQUID+ NDLP Prevent

    Here is my config:

     

     

    # OPTIONS FOR AUTHENTICATION
    # -----------------------------------------------------------------------------

    auth_param basic program /usr/libexec/squid/squid_ldap_auth \
      -R -b "DC=test,DC=com" -D "xxx@test.com" -w passw0rd -f "sAMAccountName=%s" 1.1.1.1


    # ACCESS CONTROLS
    # -----------------------------------------------------------------------------

    external_acl_type active_directory_group ttl=900 %LOGIN /usr/libexec/squid/squid_ldap_group \
      -R -b "DC=test,DC=com" -D "xxx@test.com" -w passw0rd \
      -f "(&(sAMAccountName=%u)(memberOf=CN=%g,OU=Proxy,OU=Internet Services,DC=test,DC=com))" 1.1.1.1

    acl manager proto cache_object
    acl localhost src 127.0.0.1/32
    acl to_localhost dst 127.0.0.0/8

    acl SSL_ports port 443
    acl Safe_ports port 80
    acl Safe_ports port 21
    acl Safe_ports port 443
    acl Safe_ports port 70
    acl Safe_ports port 210
    acl Safe_ports port 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl Safe_ports port 901
    acl CONNECT method CONNECT

    acl dummy src 0.0.0.0/32

    acl allowed_sites dstdomain "/etc/squid/lists/allowed_sites"
    acl blocked_files urlpath_regex -i "/etc/squid/lists/blocked_files"
    acl blocked_sites dstdom_regex  -i "/etc/squid/lists/blocked_sites"

    acl ad_proxy_users external active_directory_group Proxy_Users

    acl ad_speed_128k external active_directory_group speed_128k
    acl ad_speed_256k external active_directory_group speed_256k

    acl ad_allowed_sites external active_directory_group allowed_sites
    acl ad_blocked_files external active_directory_group blocked_files
    acl ad_blocked_sites external active_directory_group blocked_sites

    http_access allow manager localhost
    http_access deny  manager

    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny to_localhost

    http_access deny ad_speed_128k dummy
    http_access deny ad_speed_256k dummy

    http_access deny ad_blocked_files blocked_files
    http_access deny ad_blocked_sites blocked_sites

    http_access allow ad_proxy_users

    http_access allow ad_allowed_sites allowed_sites

    http_access deny all


    # NETWORK OPTIONS
    # -----------------------------------------------------------------------------

    http_port 127.0.0.1:3128
    http_port 1.1.1.10:3128


    # DISK CACHE OPTIONS
    # -----------------------------------------------------------------------------

    cache_dir aufs /var/cache/squid 32768 64 256


    # LOGFILE OPTIONS
    # -----------------------------------------------------------------------------

    access_log /var/log/squid/access.log


    # OPTIONS FOR TUNING THE CACHE
    # -----------------------------------------------------------------------------

    acl QUERY urlpath_regex cgi-bin \?
    cache deny QUERY

    acl FTP proto FTP
    cache deny FTP

    cache deny blocked_files


    # DELAY POOL PARAMETERS
    # -----------------------------------------------------------------------------

    delay_pools 2

    delay_class 1 2
    delay_class 2 2

    delay_access 1 allow ad_speed_128k
    delay_access 1 deny all
    delay_access 2 allow ad_speed_256k
    delay_access 2 deny all

    delay_parameters 1 128000/128000 16000/16000
    delay_parameters 2 256000/256000 32000/32000


    # PERSISTENT CONNECTION HANDLING
    # -----------------------------------------------------------------------------

    server_persistent_connections off


    # ICAP OPTIONS
    # -----------------------------------------------------------------------------

    icap_enable on

    #icap_preview_size 128
    #icap_send_client_ip on
    #icap_send_client_username on

    icap_service service_req reqmod_precache bypass=on icap://1.1.1.6:1344/reqmod


    # MESSAGE ADAPTATION OPTIONS
    # -----------------------------------------------------------------------------

    adaptation_access service_req allow all
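
Added example (not posted by anyone in this thread, and not McAfee or Squid project code): a Python check of the ICAP lines in a squid.conf, run over the lab stanza from reply 4 and the ICAP stanza from reply 7. It reports a service whose bypass option is on (Squid then treats the service as optional and lets requests through uninspected when the ICAP server errors), a service that no `adaptation_access ... allow` rule applies, and a URL path that does not match the reqmod/respmod naming from reply 2. The function name, the finding labels and the third sample are assumptions made for this example, and it assumes `adaptation_access` names the service directly rather than a service set or chain.

```python
from urllib.parse import urlparse

# Constructed inputs: the ICAP stanzas from replies 4 and 7, plus one stanza
# that still uses the /request path and localhost from the Squid documentation.
LAB = """icap_enable on
icap_service service_req reqmod_precache 0 icap://1.1.1.1:1344/reqmod
adaptation_access service_req allow all
"""
AUTH = """icap_enable on
#icap_send_client_username on
icap_service service_req reqmod_precache bypass=on icap://1.1.1.6:1344/reqmod
adaptation_access service_req allow all
"""
DOCS = "icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/request\n"

def audit_icap(conf):
    """Return a sorted list of (service, finding) pairs for a squid.conf text."""
    enabled, services, applied, findings = False, {}, set(), []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()      # drop comments, then tokenize
        if tok[:2] == ["icap_enable", "on"]:
            enabled = True
        elif tok[:1] == ["icap_service"] and len(tok) >= 4:
            # The URL position differs between Squid releases, so find it by scheme.
            url = next((t for t in tok[3:] if t.startswith(("icap://", "icaps://"))), "")
            opts = [t for t in tok[3:] if t != url]
            # Positional 0/1 (older syntax) or bypass=on|off|1|0 (named option).
            fail_open = any(o in ("1", "bypass=1", "bypass=on") for o in opts)
            services[tok[1]] = (tok[2], url, fail_open)
        elif tok[:1] == ["adaptation_access"] and len(tok) >= 3 and tok[2] == "allow":
            applied.add(tok[1])
    for name, (point, url, fail_open) in services.items():
        mode = point.split("_")[0]               # "reqmod" or "respmod"
        if not enabled:
            findings.append((name, "icap-disabled"))
        if name not in applied:
            findings.append((name, "never-applied"))
        if fail_open:
            findings.append((name, "fail-open"))  # ICAP errors are ignored by Squid
        if urlparse(url).path.strip("/").lower() != mode:
            findings.append((name, "path-not-" + mode))
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("lab", LAB), ("auth", AUTH), ("docs", DOCS)):
        print(label, audit_icap(conf))
```
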

  • mirbond Newcomer 3 posts since
    Nov 30, 2013
    8. Dec 18, 2013 11:40 PM (in response to mdnramos)
    Re: SQUID+ NDLP Prevent

    Hi Mdnramos, hi everybody!

     

    Any ideas on how to get a result with Squid 3.1.19 and user authentication enabled?
