How to integrate Citrix NetScaler with Squid / ClamAV

1:07 PM

The following is the configuration required to integrate the Citrix NetScaler with Squid / ClamAV. Squid is a Linux-based proxy server and ClamAV is an open source antivirus solution. Squid and ClamAV both reside on the same server and communicate with each other through the ICAP protocol.

The use case this solution was designed for is to have files scanned by an antivirus system before they are allowed to be uploaded into the protected network through the Citrix NetScaler. As a general overview, the following Citrix NetScaler features are used to enable this capability: load balancing and content switching virtual servers, a content switching policy, a responder policy and action, and an HTTP callout.

The logic applied to HTTP requests is itemized below:

  • End users connect to the virtual IP address of the content switching virtual server.
  • A content switching policy is attached and set to true to allow all connections through the content switching virtual server.
  • A responder policy is bound and is configured to look for a content type of "multipart/form-data" in all HTTP requests and also to invoke a configured HTTP callout.
  • An HTTP callout is configured to send requests to the Squid proxy server.
  • The HTTP callout is configured to look for a response with a status of 301. This value confirms that a virus was found in a scanned file. Other headers may also be used.
  • If the previous step returns true, the responder policy is configured with a "respond with" action that lets the end user know the file was not uploaded because of a virus.
    • If the HTTP callout returns false, the file is permitted to be uploaded to the back-end server.

The following dives into the specific configuration required.

1. Create a load balancing service on the Citrix NetScaler for the back-end upload server. In the screenshot, the upload service with an IP address of 192.168.1.150 on port 88 is highlighted.

2. Create a load balancing virtual server that is not directly addressable. In other words, it has no IP address.

3. Create a content switching virtual server and configure it with a target load balancing virtual server, namely the load balancing virtual server created in step 2.

4. Bind a content switching policy to the above content switching virtual server and enter true for the policy expression.

5. Create the HTTP callout

The following is the text of the full expression, as shown in the above screenshot:

"POST http://192.168.1.150:88/xampp/upload_file.php HTTP/1.1\r\nAccept:" + HTTP.REQ.HEADER("Accept") + "\r\nReferer:" + HTTP.REQ.HEADER("Referer") + "\r\nAccept-Language:" + HTTP.REQ.HEADER("Accept-Language") + "\r\nUser-Agent:" + HTTP.REQ.HEADER("User-Agent") + "\r\nContent-Type:" + HTTP.REQ.HEADER("Content-Type") + "\r\nAccept-Encoding:" + HTTP.REQ.HEADER("Accept-Encoding") + "\r\nHost:192.168.1.150:88\r\nContent-Length:" + HTTP.REQ.HEADER("Content-Length") + "\r\nProxy-Connection: Keep-Alive\r\nPragma: no-cache\r\n\r\n" + HTTP.REQ.BODY(000)

The following screenshot of the same HTTP callout shows the server response section:

The above screenshot shows the HTTP callout configured to look for the status code. If 301 is present, it indicates a virus was found, in contrast to a 0 status code for a file not infected by a virus.

6. Create a responder policy and bind it to the content switching virtual server.

Note that the HTTP callout must be created before you can create and configure the responder policy to use it. If not, an error message is displayed.

7. Create the responder action and bind it to the responder policy.

This completes the required configuration. Below are screenshots of network traces that were useful in designing it.

Proxy server configured in a web browser:

As you can see, a virus is detected.

Next, the HTTP callout created on the NetScaler and its communication with the Squid proxy server:

As you can see, the request and response are exactly the same.

Below is a trace of a normal file being uploaded and scanned:

This concludes the configuration for the Citrix NetScaler and Squid / ClamAV integration.
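To check that the callout from step 5 forwards the whole upload for scanning, the following added example (not code from the original post or from Citrix) rebuilds the request the full expression produces and applies the responder logic described above. The function names, the sample upload and the body_limit parameter, which stands in for the byte count given to HTTP.REQ.BODY, are assumptions.

```python
# Added example: models the page's HTTP callout expression and responder logic.
# Sample request values are constructed; body_limit stands in for HTTP.REQ.BODY(n).
COPIED = ["Accept", "Referer", "Accept-Language", "User-Agent",
          "Content-Type", "Accept-Encoding"]
TARGET = "192.168.1.150:88"          # upload service from the page
PATH = "/xampp/upload_file.php"      # path from the page's expression


def build_callout_request(headers, body, body_limit):
    """Assemble the raw request the callout expression sends to Squid."""
    lines = [f"POST http://{TARGET}{PATH} HTTP/1.1"]
    lines += [f"{name}:{headers.get(name, '')}" for name in COPIED]
    lines += [f"Host:{TARGET}",
              f"Content-Length:{headers.get('Content-Length', '')}",
              "Proxy-Connection: Keep-Alive", "Pragma: no-cache"]
    head = "\r\n".join(lines) + "\r\n\r\n"
    return head.encode("latin-1") + body[:body_limit]


def scan_covers_upload(raw_request):
    """True only if the forwarded body is as long as Content-Length claims."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.lower() == b"content-length":
            value = value.strip()
            return value.isdigit() and int(value) == len(body)
    return False


def responder_decision(content_type, callout_status):
    """Page logic: a multipart upload is blocked when Squid/ClamAV answers 301."""
    is_upload = "multipart/form-data" in content_type.lower()
    return "block" if is_upload and callout_status == 301 else "allow"


# Constructed sample upload (not taken from the page's traces)
SAMPLE_BODY = (b"--b\r\nContent-Disposition: form-data; name=\"file\"\r\n\r\n"
               b"hello\r\n--b--\r\n")
SAMPLE_HEADERS = {"Accept": "*/*", "User-Agent": "sample",
                  "Content-Type": "multipart/form-data; boundary=b",
                  "Content-Length": str(len(SAMPLE_BODY))}

if __name__ == "__main__":
    full = build_callout_request(SAMPLE_HEADERS, SAMPLE_BODY, 4096)
    cut = build_callout_request(SAMPLE_HEADERS, SAMPLE_BODY, 16)
    print(scan_covers_upload(full), scan_covers_upload(cut))
    print(responder_decision(SAMPLE_HEADERS["Content-Type"], 301))
```

When scan_covers_upload returns False, the scanner received fewer bytes than the client sent, so the byte count in the callout needs to be sized to the largest upload the back-end accepts.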
