GWVICAP
The Web Interface allows GWAVA to filter web traffic. The Web Interface can search all web traffic to block URLs, key words in web page text with body filtering, or it may be used to limit traffic through web user authentication. The Web interface works in conjunction with an existing ICAP enabled proxy, such as Squid.
Contents |
Level 1
The Web interface is a scanner applied to the web traffic passing through an ICAP enabled proxy. When enabled and connected to an active ICAP proxy, the Web Interface can filter web traffic, scan pages for keywords and block offending pages, require user authentication and deny access to specified users, and block specific URLs. This interface adds a layer of control and limits or defines access to the internet through the network. Because this interface scans web pages instead of messages, many settings do not apply to this scanner, and configuring mail filters for this interface is not recommended. For instance, utilizing anti-spam scanning on the web interface will slow down the system and effectively block everything.
Level 2
The Web Interface can be integrated with an ICAP enabled device.
ICAP is a standard protocol that is built into some Firewall devices.
When these devices are configured properly, they can talk to GWAVA and have the content scanned by GWAVA.
Web Proxies such as Squid have many configuration options.
It can integrate with LDAP servers to require authentication or limit the connections to only certain IP addresses.
All of these configuration options can be found at http://www.squid-cache.org/
Hands On
Configuring Squid
Once squid is configured, you need to edit the squid configuration file so that it knows to send web requests to GWAVA to be scanned. These are the core settings that need to be added to Squid:
#icap_log /var/log/squid/icap.log icap_enable on #icap_send_client_username on #icap_client_username_encode off #icap_client_username_header X-Authenticated-User icap_service service_req reqmod_precache bypass=0 icap://<IP_of_GWAVA>:1344/request adaptation_access service_req allow all icap_service service_resp respmod_precache bypass=0 icap://<IP_of_GWAVA>:1344/response adaptation_access service_resp allow all
You need to set the ICAP to be enabled. Then you need to send the requests and responses to GWAVA to be scanned. GWAVA will then send a the request back to Squid or a new page that will be displayed in the browser. Once squid has been restarted, It will send requests to GWAVA to be scanned. In order to test this, set up your browser to use the Squid server as your proxy server.
Create filter in GWAVA
1) Open the GWAVA Management Console
2) Open the Scanner/Policy Management Menu
3) Expand down the Policy that was created for the Web Scanner
4) Expand open the Scanning Configuration menu
5) Select the URL filter
6) Click the new filter button and enter the filter:
http://www.gwava.com*
The * is important so dont leave it off.
7) Make sure the Block option is set
8) Click Save Changes
9) Wait 1 minute for the configuration to refresh
Testing
In the browser that is configured to talk to the proxy, try and browse to http://www.gwava.com
The browser should respond that the web page was blocked.
The GWVICAP Interface has a few Interface options that can be explained on the GWVICAP Interface Settings page.
Now that you know all there is to know about the GWAVA Modules, lets take a look at how the GWAVA Server is configured. This is done through the Server Management.
