[squid-users] Problems configuring Squid with C-ICAP+Squidclamav

Yuri Voinov yvoinov at gmail.com
Wed May 11 15:14:08 UTC 2016 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
 

11.05.16 21:04, L.P.H. van Belle пишет:
>
> Hai,
>
> 
>
> I reviewd your config, thing whats different in c-icap.conf compared
to me.
>
Obviously, the mindless copying and pasting the config - very bad
practice, is not it?
>
> RemoteProxyUsers off ( for you ) on for me.
>
# TAG: RemoteProxyUsers
# Format: RemoteProxyUsers onoff
# Description:
#    Set it to on if you want to use username provided by the proxy server.
#    This is the recomended way to use users in c-icap.
#    If the RemoteProxyUsers is off and c-icap configured to use users or
#    groups the internal authentication mechanism will be used.
# Default:
#    RemoteProxyUsers off
RemoteProxyUsers off

This is depending proxy configuration. And irrelevant current case.
>
> 
>
> Whats the content of /etc/c-icap/squidclamav.conf ?
>
> The important part for me of the file :
>
> #clamd_local /var/run/clamd.socket ! change/check this
>
This is OS-dependent, as obvious.
>
> clamd_ip 127.0.0.1
>
> clamd_port 3310
>
> 
>
> If you use socket make sure your rights are correct and icap is added
to the clamav group.
>
Wrong. Squid group, not clamav.
>
> 
>
> 
>
> And my c-icap part of the squid.conf
>
> ## Tested with Squid 3.4.8 and 3.5.x + squidclamav 6.14 and 6.15
>
> icap_enable on
>
> icap_send_client_ip on
>
> icap_send_client_username on
>
> icap_client_username_header X-Authenticated-User
>
> icap_persistent_connections on
>
> icap_preview_enable on
>
> icap_preview_size 1024
>
> icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
>
> adaptation_access service_req allow all
>
> icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
>
> adaptation_access service_resp allow all
>
> 
>
> I think you changed to much in the example.
>
> 
>
> Im reffering to these in the squid.conf
>
> > adaptation_access service_avi_resp allow all
>
> service_avi_resp?
>
> 
>
Complete squid.conf fragment:

icap_service service_avi_req reqmod_precache
icap://localhost:1344/squidclamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache
icap://localhost:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow all

Please, PLEASE, do not make recommendation when you not understand what
does config lines means!
 
>
> Greetz,
>
> 
>
> Louis
>
> 
>
> 
>
> > -----Oorspronkelijk bericht-----
>
> > Van: squid-users [mailto:squid-users-bounces at lists.squid-cache.org]
Namens
>
> > C. L. Martinez
>
> > Verzonden: woensdag 11 mei 2016 16:41
>
> > Aan: squid-users at lists.squid-cache.org
>
> > Onderwerp: [squid-users] Problems configuring Squid with C-
>
> > ICAP+Squidclamav
>
> >
>
> > Hi all,
>
> >
>
> >  I am installing a new squid proxy server under OpenBSD 5.9 with C-
>
> > ICAP+Squidclamav, and I am having some troubles. When squid start up
and I
>
> > request some web page, it is returning the following error:
>
> >
>
> >  2016/05/11 14:22:06 kid1| essential ICAP service is down after an
options
>
> > fetch failure: icap://localhost:1344/squidclamav [down,!opt]
>
> >  2016/05/11 14:23:54 kid1| suspending ICAP service for too many failures
>
> >
>
> >  I've read Squid's wiki page about this and I don't see any error in my
>
> > config. Squid's config is:
>
> >
>
> > icap_enable on
>
> > icap_send_client_ip on
>
> > icap_send_client_username on
>
> > icap_client_username_header X-Authenticated-User
>
> > icap_preview_enable on
>
> > icap_preview_size 1024
>
> > #icap_service_failure_limit -1
>
> > icap_service service_avi_req reqmod_precache
>
> > icap://localhost:1344/squidclamav bypass=off
>
> > adaptation_access service_avi_req allow all
>
> > icap_service service_avi_resp respmod_precache
>
> > icap://localhost:1344/squidclamav bypass=on
>
> > adaptation_access service_avi_resp allow all
>
> >
>
> >  And c-icap's config is:
>
> >
>
> > PidFile /var/run/c-icap/c-icap.pid
>
> > CommandsSocket /var/run/c-icap/c-icap.ctl
>
> > Timeout 300
>
> > MaxKeepAliveRequests 100
>
> > KeepAliveTimeout 600
>
> > StartServers 3
>
> > MaxServers 10
>
> > MinSpareThreads     10
>
> > MaxSpareThreads     20
>
> > ThreadsPerChild     10
>
> > MaxRequestsPerChild  0
>
> > Port 1344
>
> > TmpDir /var/tmp
>
> > MaxMemObject 131072
>
> > DebugLevel 1
>
> > Pipelining on
>
> > ModulesDir /usr/local/lib/c_icap
>
> > ServicesDir /usr/local/lib/c_icap
>
> > TemplateDir /usr/local/share/c_icap/templates/
>
> > LoadMagicFile /etc/c-icap/c-icap.magic
>
> > RemoteProxyUsers off
>
> > RemoteProxyUserHeader X-Authenticated-User
>
> > RemoteProxyUserHeaderEncoded on
>
> > acl localhost src 127.0.0.1/255.255.255.255
>
> > acl ALLREQUESTS type RESPMOD REQMOD
>
> > icap_access allow localhost ALLREQUESTS
>
> > icap_access deny all
>
> > ServerLog /var/log/c-icap/server.log
>
> > AccessLog /var/log/c-icap/access.log
>
> > Logger file_logger
>
> > Module logger sys_logger.so
>
> > Service squidclamav squidclamav.so
>
> >
>
> >  Any idea what am I doing wrong?? How can I do a simple test against c-
>
> > icap server from command line??
>
> >
>
> > Thanks.
>
> >
>
> > --
>
> > Greetings,
>
> > C. L. Martinez
>
> >
>
> > _______________________________________________
>
> > squid-users mailing list
>
> > squid-users at lists.squid-cache.org
>
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
 
iQEcBAEBCAAGBQJXM0xAAAoJENNXIZxhPexG77QIAJ483bwvMjlcTrOZAWm40brN
dP+Kv0esWjr6o/VuIpFdY346eqxxMYZjtkIWXMZyd5ZR9qpQMOM2daeq2Payl6pJ
WAzbr0vItTm9/EiQOx4fvUABeWabwX+5T3ifazhoeurF7XdWoibRXb8VfEGVfrjg
Zjxbpow3FnqNZvkSjSpCdUPw5wnojCjq/WMHhkHh790M6PODbbq3lrEt/6Vnj5nq
2yeejXhGJZc0kXLK2Hql61qRgz8+uAMH9atorLfTrYY9yOq5VL63in8rnKN2y6ML
be8kaQB7+DAuz4nh30s5go3AgtqZAbVisoNjy7ib8MU8M6OqWHyWvXBkbzLkUlQ=
=gzb9
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160511/7f369669/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160511/7f369669/attachment-0001.key>

More information about the squid-users mailing list