In this section
|
This feature is available only for distributions designed for OSes of the GNU/Linux family. |
If the internet gateway does not have an HTTP proxy server that could communicate with Dr.Web Gateway Security Suite via ICAP or ClamAV protocols (using the Dr.Web ClamD component directly), to protect the local network from threats spreading over the internet, configure Dr.Web Firewall for Linux so that the data passed to the internet gateway with Dr.Web Gateway Security Suite installed on it is scanned by the SpIDer Gate monitor (a transparent proxy mode).
To configure web server protection, specify the following values for [LinuxFirewall] section parameters in the configuration file:
Parameter |
Required value |
|---|---|
InspectHttp |
On |
AutoconfigureIptables |
Yes |
AutoconfigureRouting |
Yes |
LocalDeliveryMark |
Auto |
ClientPacketsMark |
Auto |
ServerPacketsMark |
Auto |
TproxyListenAddress |
127.0.0.1:0 If a custom IP address or port is used in Dr.Web Firewall for Linux operation, specify them here |
ForwardDivertEnable |
Yes |
FrowardDivertNfqueueNumber |
Auto |
ForwardDivertConnectTransparently |
Yes |
To view and change the settings of Dr.Web Firewall for Linux, use the following:
•Dr.Web Ctl command-line management tool (use the drweb-ctl cfshow and drweb-ctl cfset commands).
For example, the command:
# drweb-ctl cfset LinuxFirewall.ForwardDivertEnable Yes |
configures Dr.Web Firewall for Linux such that the data passing the host is scanned by SpIDer Gate, if HTTP is used and the InspectHttp parameter is set to On.
•Dr.Web Gateway Security Suite management web interface (by default, you can access it via a web browser at https://127.0.0.1:4443).
To scan data transferred via HTTPS:
•Enable scanning of SSL/TLS traffic:
# drweb-ctl cfset LinuxFirewall.UnwrapSsl Yes |
It is recommended to use the cfset command of the drweb-ctl tool or the management web interface, because in this case the scanning rules depending on this parameter will change automatically.
•Export a certificate to be used by Dr.Web Gateway Security Suite for embedding in secure SSL/TLS channels by running the command:
$ drweb-ctl certificate > <cert_name>.pem |
It is necessary to indicate a name of the file to store the certificate in the PEM format.
•Add the certificate to the system list of trusted certificates and specify it as a trusted certificate for web clients (browsers) and the web server (for details, see the Appendix E. Generating SSL Certificates section).
Specify the following parameters in the [LinuxFirewall] section of the Dr.Web Firewall for Linux configuration file:
1.Parameters for scanning transferred data (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel and MaxCompressionRatio), which limit scanning duration and resource consumption. If detailed configuration is not required, keep default values.
2.Block* parameters for blocking unwanted URLs and content.
3.BlockUnchecked parameter to define SpIDer Gate reactions in case the received data cannot be scanned.
For more detailed configuration of HTTP message filtering rules (depending on conditions), edit the Lua procedure or the RuleSet rules.
After the settings are adjusted, reload the Dr.Web Gateway Security Suite configuration using the command:
# drweb-ctl reload |
You can also restart Dr.Web Gateway Security Suite by restarting the Dr.Web ConfigD configuration management daemon using the command:
# service drweb-configd restart |