On 2013/04/09 03:20, Jiri B wrote: > On Mon, Apr 08, 2013 at 10:51:55PM +0100, Stuart Henderson wrote: > > These ports provide a framework to provide ICAP services, and modules > > using this framework to provide virus scanning (via libclamav) and > > url filtering. > > > > ICAP is a standard protocol used by web proxies (including squid 3) > > and content inspection software. > > > > (There will be an additional squidclamav port, using clamd rather than > > libclamav, to follow once I've worked out how to get it working ;) > > > > OK to import? > > Little OT... > > I was thinking to do dnssec checking for websites requested via proxy, > as end users would not have direct access to Internet and thus not > able to do dnssec check. > > Is there some way to do it in tandem with http proxy? Something like > to pass http from squid to a checking script and it would then > return if dnssec is OK or not and then I would use some rewrite to > display inline warning (top of the page) or redirect to a warning page... > > Or... Maybe I'm taking wrong approach anyway...?
Probably better to just point squid at a validating resolver. You'll just get DNS failures rather than some special error but I think that's reasonable.
