[squid-users] icap not answering
steven
commercials24 at yahoo.de
Sun Mar 3 01:29:02 UTC 2019
Hi,
i would like todo modifications on https connections and therefore
enabled ssl bump in squid 4.4, now i would like to see the real traffic
and icap looks like a way to watch and change that traffic.
but squid is not answering to icap://127.0.0.1:1344 when using pyicap or
telnet.
the telnet error is:
telnet 127.0.0.1 1344
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
which is imho good because it tells me that something is answering on
that port after all.
did i misconfigure something?
config:
debug_options 28,9
#icap
icap_enable on
icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/reqmod
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0
icap://127.0.0.1:1344/respmod
adaptation_access service_resp allow all
acl localnet src 127.0.0.1/32 192.168.10.0/24
http_access allow localnet
acl SSL_ports port 443
acl CONNECT method CONNECT
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
include /etc/squid/conf.d/*
http_access allow localhost
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# default end
# my config
http_port 3128 accel ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
https_port 3129 ssl-bump intercept generate-host-certificates=on
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db
-M 4MB
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all
More information about the squid-users
mailing list