Symantec DLP 14.6 Squid Integration Guide
Legal Notice
Copyright 2016 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo and the Checkmark Logo are trademarks or registered
trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other
names may be trademarks of their respective owners.
This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (Third Party Programs). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Legal Notice Appendix to
this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED
CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED
WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR
NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH
DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL
NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION
WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE
INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE
WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, et seq.
"Commercial Computer Software and Commercial Computer Software Documentation," as
applicable, and any successor regulations, whether delivered by Symantec as on premises
or hosted services. Any use, modification, reproduction release, performance, display or
disclosure of the Licensed Software and Documentation by the U.S. Government shall be
solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street
Mountain View, CA 94043
http://www.symantec.com
About integrating Squid Web Proxy with Network Prevent for Web
Squid Web Proxy requirements for integrating with Network Prevent for Web
[Figure: deployment diagram showing External/Internet, Squid Proxy 1, Squid Proxy 2, a load balancer, Network Prevent 1 and Network Prevent 2]
Installing Squid Web Proxy for integration with Network Prevent for Web
Table 2-1
Step      Action      Description
Step 1
Step 2
Step 3
Step 4
Download the official Squid version 3.5.x stable release source code distribution
from http://www.squid-cache.org/Versions/v3/3.5/.
Change to the directory where you unpacked the Squid source code.
After installing the proxy, configure the ICAP interface to proxy supported
requests to Network Prevent for Web for inspection.
See "Configuring Squid for integration with Network Prevent for Web."
Note: To uninstall Squid, return to the directory in which you compiled the application
(for example, ~/downloads/squid-3.5.x). Then enter the command make uninstall.
If you make any changes to the squid.conf configuration file while Squid is running,
shut down and restart Squid to reload the configuration.
To stop Squid, use the -k shutdown option:
/usr/sbin/squid -k shutdown
See the Squid documentation or type squid -? to learn more about Squid command
line options.
Table 2-2
Step      Task      Description
Step 1
Step 2
Configuring a Squid ACL and ICAP service for Network Prevent for Web
Each Squid installation must have the appropriate ACLs and rules for the local
server and for the protocols you want to support. The default squid.conf file
contains ACL and rule definitions for the cache monitor process, localhost, and for
various protocols. You can modify these as needed for your Squid deployment.
You must also create a dedicated ACL for the Network Prevent for Web Server
protocols and HTTP methods that you want to monitor. This process is described
in the following procedure.
The ICAP service definition specifies the URL and the options that are used to
connect to Network Prevent for Web for ICAP requests. Follow these instructions
to create an ICAP service that sends REQMOD requests to a configured Network
Prevent for Web Server. Note that Squid version 3.5.x also requires an
adaptation_service_set directive that includes the service in the ICAP service
chain.
To configure a Squid ACL and ICAP service
Add the following ACL and rule definition for Network Prevent for Web:
Note: The example request method ACL does not specify the HTTP GET
method because GET requests can generate large volumes of network traffic.
If you choose to inspect GET requests, first see the Symantec Data Loss
Prevention Administration Guide for guidelines on enabling GET processing.
Then enable GET processing by adding GET to the ACL definition in
squid.conf.
Add the following directive to define an ICAP service for Network Prevent for
Web:
Create a new section in the configuration file to add ICAP connection directives.
For example, add the line:
# ICAP client parameters.
Add the following directives to configure the Squid proxy ICAP connection with
Network Prevent for Web Server. Note that the default squid.conf file also
describes many of these directives.
Directive                      Sample value            Description
icap_enable                    on
icap_io_timeout                70
icap_service_failure_limit     20
icap_service_revival_delay     30
icap_preview_enable            on
icap_preview_size
icap_persistent_connections    on
icap_send_client_ip            on
icap_send_client_username      on
icap_client_username_header    X-Authenticated-User
icap_client_username_encode    on
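As an added example (not part of the Symantec guide or the Squid project), the following Python check compares the ICAP client directives in a squid.conf against the sample values in the table above and reports any that are missing or differ. The function names and the configuration excerpt are constructed for illustration; icap_preview_size is checked for presence only because the table shows no value for it.

```python
# Sample values from the directive table; None = no value shown, presence only.
EXPECTED = {
    "icap_enable": "on",
    "icap_io_timeout": "70",
    "icap_service_failure_limit": "20",
    "icap_service_revival_delay": "30",
    "icap_preview_enable": "on",
    "icap_preview_size": None,
    "icap_persistent_connections": "on",
    "icap_send_client_ip": "on",
    "icap_send_client_username": "on",
    "icap_client_username_header": "X-Authenticated-User",
    "icap_client_username_encode": "on",
}

# Constructed excerpt: omits icap_preview_size, sets send_client_username off.
SAMPLE_CONF = """\
# ICAP client parameters.
icap_enable on
icap_io_timeout 70
icap_service_failure_limit 20
icap_service_revival_delay 30
icap_preview_enable on
icap_persistent_connections on
icap_send_client_ip on
icap_send_client_username off
icap_client_username_header X-Authenticated-User
icap_client_username_encode on
"""

def parse_directives(conf_text):
    """Map directive name to value; a later line overwrites an earlier one."""
    found = {}
    for line in conf_text.splitlines():
        name, value = (line.split(None, 1) + ["", ""])[:2]
        if name and not name.startswith("#"):   # skip blank and comment lines
            found[name] = value.strip()
    return found

def audit(conf_text):
    """Return sorted (directive, problem) pairs for missing or differing values."""
    found = parse_directives(conf_text)
    findings = [(n, "missing") for n in EXPECTED if n not in found]
    findings += [(n, f"{found[n]!r}, table shows {w!r}") for n, w in EXPECTED.items()
                 if n in found and w is not None and found[n] != w]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{n}: {p}" for n, p in audit(SAMPLE_CONF)))
```

A finding for icap_send_client_ip or icap_send_client_username means Squid is not forwarding the client address or user name with the ICAP request.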