[squid-users] squid configuration with c-icap
Amos Jeffries
squid3 at treenet.co.nz
Mon May 25 09:26:11 UTC 2020
On 25/05/20 7:14 pm, Amiq Nahas wrote:
> Hi Guys,
>
> At this point, I have got squid installed on my system. I think it is
> working fine since I can browse the internet by adding a manual proxy
> in firefox at localhost:3128.
>
> What I want now is to configure squid such that it passes the request
> to c-icap. Something like mentioned in this image
> https://postimg.cc/qgsfRbWc
>
> To elaborate, I want to run a squid proxy such that every time the
> browser or any other application on a system makes request to a url,
> the squid proxy receives it. Then, squid sends it to the c-icap
> server. On the c-icap server there would be a custom module (C
> program) which takes the url as the input and the custom module will
> decide whether the url should be allowed or not.
>From that API description there is no need for ICAP which is a very
processing-expensive system.
A simple external ACL helper can perform exactly what you describe far
more efficiently.
Like so:
external_acl_type urlChecker %>ru /path/to/helper
acl urlCheck external urlChecker
http_access deny !urlCheck
Useful documentation on the protocol the helper needs to communicate
with Squid can be found at:
<https://wiki.squid-cache.org/Features/AddonHelpers#Access_Control_.28ACL.29>
>
> https://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
> The link above shows the configuration using squidclamav. I do not
> want to use that.
Squid is just an ICAP client. What C-ICAP uses internally is irrelevant
to Squid. squidclamav is just a module people tend to ask for, so the
example shows it. The squid.conf rules will be the same or similar for
whatever your system has (assuming you stay with ICAP instead of moving
to external ACL for access control).
Amos
More information about the squid-users
mailing list