5. Procedure – Enabling virus filtering in HTTP

Purpose: 

To configure virus filtering in HTTP traffic with common parameter values, create an HttpProxy class that stacks ZCV to inspect the downloaded data. Complete the following steps.

These settings instruct the new HttpProxy to pass every response (downloaded data) to the specified stacking provider, that is, to ZCV, so that everything downloaded via HTTP is scanned for viruses. Zorp stacks the provider for every response (response_stack), and the provider scans the data part of the message for viruses.

Steps: 

  1. Navigate to the Zorp ZMC component of the firewall host.

  2. Select the Proxies tab, then click New.

    Figure 7. Creating a new proxy

  3. Select the HttpProxy template from the left panel, and enter a name for the new class. Name this class HttpVirusProxy and click OK.

    Figure 8. Selecting a proxy template

  4. Add the self.response_stack attribute to the Changed config attributes panel.

    Figure 9. Adding attributes to a proxy

  5. Select this new attribute, then click Edit > New.

  6. Enter the * (asterisk) character, then click OK.

  7. Click on the text in the Type field, then select type_http_stk_data.

    Figure 10. Setting stacking type

  8. Click Edit, then select the second row of the appearing panel (the one having zorp_stack in its Type field). Click Edit.

    Figure 11. Selecting when to stack

  9. Configure the proxy to send the incoming data to ZCV.

    Figure 12. Connecting the proxy to ZCV

    1. Select Stacking type > Stacking provider.

    2. In the Provider field, select the stacking provider policy (for example, zcv) created in Procedure 4, Making ZCV available for Zorp services.

    3. In the Rulegroup field, select the rulegroup (for example, http) created in Procedure 4, Making ZCV available for Zorp services.

    4. Click OK.

    Python: Create an HttpProxy class which stacks ZCV to inspect the downloaded data.

    from Zorp.Core import *
    from Zorp.Http import *

    class HttpVirusProxy(HttpProxy):
        def config(self):
            HttpProxy.config(self)
            # "*" applies to every response; provider and rulegroup names must match Procedure 4
            self.response_stack["*"] = (HTTP_STK_DATA, (Z_STACK_PROVIDER, "ZCV", "http"))

  10. Create a service that clients can use to access the Internet.

    1. Select Services > New, and enter a name for the service (for example, intra_HTTP_inter).

    2. Select Proxy class > HttpVirusProxy.

    3. Configure the other parameters of the service as needed for your environment, then click OK.

    4. Select Firewall Rules > New > Service, and select the service created in the previous step.

    5. Configure the other parameters of the rule as needed for your environment, then click OK.

    Python: Create a service that uses the HttpVirusProxy class, and a firewall rule that starts the service.

    def demo_instance():
        # Service that starts HttpVirusProxy for the connections it handles
        Service(name='demo_instance/intra_http_inter',
                router=TransparentRouter(),
                chainer=ConnectChainer(),
                proxy_class=HttpVirusProxy,
                max_instances=0, max_sessions=0,
                keepalive=Z_KEEPALIVE_NONE)

        # Firewall rule: TCP (proto=6) from any zone to the 'internet' zone
        Rule(rule_id=1,
             src_zone=('*', ),
             dst_zone=('internet', ),
             proto=6,
             service='demo_instance/intra_http_inter')

  11. Commit and upload the changes, then restart Zorp.
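
A static check of the resulting policy can confirm that no HTTP service was left on a proxy class that skips the stacked scanner. The script below is an added example, not part of the Zorp documentation or of ZMC's output. Its function names, the `dmz_http` service and the shortened `Service()` calls are constructed for illustration, and it assumes Python 3.9 or later and that stacking is set in the same file with the "*" key, as in this procedure.

```python
import ast

# Constructed sample: the two snippets from this procedure (Service arguments
# shortened) plus a hypothetical second service that uses the plain HttpProxy.
SAMPLE_POLICY = '''
class HttpVirusProxy(HttpProxy):
    def config(self):
        HttpProxy.config(self)
        self.response_stack["*"] = (HTTP_STK_DATA, (Z_STACK_PROVIDER, "ZCV", "http"))

def demo_instance():
    Service(name='demo_instance/intra_http_inter', proxy_class=HttpVirusProxy)
    Service(name='demo_instance/dmz_http', proxy_class=HttpProxy)
'''

def stacks_provider(cls):
    """True if the class assigns self.response_stack["*"] a Z_STACK_PROVIDER tuple."""
    for node in ast.walk(cls):
        if isinstance(node, ast.Assign) and isinstance(node.targets[0], ast.Subscript):
            tgt = node.targets[0]
            if (isinstance(tgt.value, ast.Attribute) and tgt.value.attr == "response_stack"
                    and isinstance(tgt.slice, ast.Constant) and tgt.slice.value == "*"
                    and any(isinstance(n, ast.Name) and n.id == "Z_STACK_PROVIDER"
                            for n in ast.walk(node.value))):
                return True
    return False

def unscanned_http_services(policy_text):
    """Names of Service() entries whose HTTP proxy class chain never stacks a provider."""
    tree = ast.parse(policy_text)
    classes = {n.name: n for n in ast.walk(tree) if isinstance(n, ast.ClassDef)}

    def chain(name):  # the class name followed by its first-base ancestors
        seen = []
        while name and name not in seen:
            seen.append(name)
            bases = classes[name].bases if name in classes else []
            name = bases[0].id if bases and isinstance(bases[0], ast.Name) else None
        return seen

    findings = []
    for call in (n for n in ast.walk(tree) if isinstance(n, ast.Call)):
        if isinstance(call.func, ast.Name) and call.func.id == "Service":
            kw = {k.arg: k.value for k in call.keywords}
            proxy = kw.get("proxy_class")
            names = chain(proxy.id) if isinstance(proxy, ast.Name) else []
            if "HttpProxy" in names and not any(
                    n in classes and stacks_provider(classes[n]) for n in names):
                findings.append(ast.literal_eval(kw["name"]))
    return findings
```

The check only reads the policy text; it does not show that ZCV is running or that the referenced provider and rulegroup exist.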