Using SpIDer Gate in Proxy Mode
If the internet gateway has no HTTP proxy server that could communicate with Dr.Web for UNIX Internet Gateways via ICAP or over the ClamAV protocol (using the Dr.Web ClamD component directly), you can still protect the local network from threats spread via the internet: configure Dr.Web Firewall for Linux so that data received through the internet gateway on which Dr.Web for UNIX Internet Gateways is installed is scanned by the SpIDer Gate monitor (transparent proxy mode).

To configure the transparent proxy mode, change several parameter values in the configuration file, in the section with the settings for Dr.Web Firewall for Linux (section [LinuxFirewall]):
To view and change the settings of Dr.Web Firewall for Linux, you can use the following means:
•The command-line management tool Dr.Web Ctl (use the drweb-ctl cfshow and drweb-ctl cfset commands). For example, the following command:
will configure Dr.Web Firewall for Linux as follows: incoming data will be scanned by SpIDer Gate if the HTTP protocol is used and the corresponding InspectHttp parameter value is set to On.
•The management web interface of Dr.Web for UNIX Internet Gateways (by default, you can access it via a web browser at https://127.0.0.1:4443/).

To scan data transferred via the HTTPS protocol:
•Enable the scanning of traffic transmitted via SSL/TLS:
Use the cfset command of the drweb-ctl tool or the web interface to apply the new value for this parameter, so that the values of all dependent parameters are changed automatically.
•Export the certificate that Dr.Web for UNIX Internet Gateways will use to integrate into protected SSL/TLS channels by executing the command:
You must specify the name of the file in which the certificate will be saved in the PEM format.
•Add the certificate to the system list of trusted certificates and specify it as the trusted certificate for web clients (browsers) and the web server. For details, see the Appendix E. Generating SSL certificates section.

Specify the following parameters in the LinuxFirewall section of the configuration file:
1.Parameters for scanning transferred data (ScanTimeout, HeuristicAnalysis, PackerMaxLevel, ArchiveMaxLevel, MailMaxLevel, ContainerMaxLevel, MaxCompressionRatio) that limit the duration and resource intensity of scanning. When fine-grained configuration is not required, it is recommended to keep these parameters at their default values.
2.The Block* parameters for blocking unwanted URLs and content.
3.The BlockUnchecked parameter, which specifies what SpIDer Gate does when the received data cannot be scanned.

For a more detailed configuration of filtering rules, edit the Lua procedure or the RuleSet rules.

After all settings are adjusted, restart Dr.Web for UNIX Internet Gateways with the following command:
You can also restart the configuration daemon Dr.Web ConfigD with the following command:
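
Added example (not part of the original documentation and not Dr.Web's own tooling): a Python check over a constructed copy of the [LinuxFirewall] section that flags InspectHttp or BlockUnchecked being disabled and lists explicitly set scan limits for review against the defaults. The INI layout of the input, the sample values, and the spellings treated as "enabled" are assumptions.

```python
import configparser

# Constructed sample of a [LinuxFirewall] section (values are illustrative).
SAMPLE_INI = """\
[LinuxFirewall]
InspectHttp = On
BlockUnchecked = No
ScanTimeout = 30s
PackerMaxLevel = 8
"""

# Scan-limit parameters named in the documentation above.
SCAN_LIMITS = ("ScanTimeout", "HeuristicAnalysis", "PackerMaxLevel",
               "ArchiveMaxLevel", "MailMaxLevel", "ContainerMaxLevel",
               "MaxCompressionRatio")
ENABLED = {"on", "yes", "true"}  # assumption: spellings that mean "enabled"


def audit_linux_firewall(ini_text):
    """Return (severity, parameter, message) findings for [LinuxFirewall]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep parameter names exactly as written
    cp.read_string(ini_text)
    if not cp.has_section("LinuxFirewall"):
        return [("error", "LinuxFirewall", "section not found")]
    sec = cp["LinuxFirewall"]
    findings = []
    # Switches that decide whether traffic is scanned and what happens when
    # a scan is impossible; a missing key means the product default applies.
    for name, effect in (("InspectHttp", "HTTP traffic is not scanned"),
                         ("BlockUnchecked", "unscannable data is not blocked")):
        if name not in sec:
            findings.append(("info", name, "not set here, default applies"))
        elif sec[name].strip().lower() not in ENABLED:
            findings.append(("warn", name, effect))
    # The documentation recommends defaults for the scan limits, so every
    # explicit value is surfaced for review.
    for name in SCAN_LIMITS:
        if name in sec:
            findings.append(("review", name, "explicit value " + sec[name]))
    return findings


if __name__ == "__main__":
    for severity, name, message in audit_linux_firewall(SAMPLE_INI):
        print(f"{severity:6} {name}: {message}")
```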