Manualshelf

Installation manual

ManualsBrandsESET ManualsPrint & ScanGATEWAY SECURITY - FOR LINUX BSD AND SOLARIS
11121314151617181920
13
In the following example, esets_http is configured to listen on port 8080 of the gateway server, with a local network IP address of
192.168.1.10, by specifying the following parameters in the [http] section of the ESETS configuration file:
agent_enabled = yes
listen_addr =192.168.1.10
listen_port = 8080
Note that the parameter ‘listen_addr can be used to specify the host name visible from the local network and also can be used to
allow esets_http to listen to all interfaces, by entering an address of 0.0.0.0. Use caution in the latter case, as users outside the
local network would be allowed to use the HTTP/FTP scanner unless additional security is added to prevent this.
To set up Squid to use esets_http as a parent proxy, add the following lines to the Squid configuration file (/etc/squid/
squid.conf):
cache_peer 192.168.1.10 parent 8080 0 no-query default
acl all src all
never_direct allow all
If an earlier version (2.x) is installed, add the following lines to the Squid configuration file:
cache_peer 192.168.1.10 parent 8080 0 no-query default
acl all src 0.0.0.0/0.0.0.0
never_direct allow all
In the example above, Squid has been configured to use HTTP proxy listening at IP address 192.168.1.10 on port 8080 as a parent
proxy. All requests processed by Squid will be passed to this destination. The remaining lines are used to configure error
message reporting in the event that the parent proxy is down or becomes unreachable. To configure Squid to attempt direct
connections when the parent proxy is unreachable, add the following parameters to the Squid configuration file:
cache_peer 192.168.1.10 parent 8080 0 no-query
prefer_direct off
To reread the newly created configuration, reload the ESETS daemon.
6.3 Internet Content Adaptation configuration
The Internet Content Adaptation is a well known method aimed at providing object-based content vectoring for HTTP services. It
is based on the Internet Content Adaptation Protocol (ICAP) described in the RFC-3507 memo. Configuration for integrating the
ICAP services is shown in Figure 5-3:
Figure 5-3. Scheme of ESET Gateway Security as a ICAP server.
The Proxy Cache receives the HTTP request from the User Agent and/or the response from the HTTP server and then encapsulates
the message into the ICAP request. The Proxy Cache must also work in this case as the ICAP client and pass the ICAP request for
the message adaptation to ESET Gateway Security, namely to a generic ESETS ICAP server - esets_icap. The module provides
scanning of the encapsulated message body for infiltration. Based on the scanning result, it then provides an appropriate ICAP
response which is sent back to the ICAP client, or to the Proxy Cache, for further delivery.
To configure ESET Gateway Security to scan HTTP messages which are encapsulated in ICAP requests, enter the command:
@SBINDIR@/esets_setup
Follow the instructions provided by the script. When the Available installations/un-installations’ offer appears, choose the
‘ICAP’ option to display the ‘install/uninstall’ options. Choose ‘install’ to automatically configure the module to listen on a