[squid-users] external icap issue with squid 5 and higher

Alex Rousskov rousskov at measurement-factory.com
Fri Feb 2 16:19:10 UTC 2024


On 2024-02-02 11:00, Yvain PAYEN wrote:
> Hi Squid users,
> 
> I have an issue with an external icap service I have to use (from 
> Forcepoint).
> 
> This service is working great with squid v3 and v4.
> 
> Starting v5 (v6 also tested) the service only works with plain text http 
> requests, all requests for https content are allowed even if the website 
> should be denied.

Do you use ssl_bump rules to decode affected HTTPS traffic? Or is your 
service supposed to analyze plain HTTP CONNECT requests?

With Squid v6, does your ICAP service actually receive expected 
"requests for https content" for analysis from Squid? Or does Squid 
allow them without contacting the ICAP service with those requests? You 
can check service logs and/or enable icap.log in Squid to answer these 
high-level questions (see icap_log).


> My first question is : do you know if a big change in the icap code 
> happened between v4 and v5 ?

I do not recall, unfortunately; it was too long ago. Please keep in mind 
that your problems may not be triggered by ICAP code changes (if any).


> My second question : How can I trace only icap debug logs

ICAP code uses debug section 93. See debug_options directive and 
docs/debug-sections.txt.


HTH,

Alex.



> Service is set up like this:
> 
> icap_service service_req reqmod_precache icap://10.1.1.1:1344/icap bypass=1
> 
> Regards,
> 
> *Yvain PAYEN*



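The diagnostic settings named in the reply above, written out as an added squid.conf fragment that is not part of the original thread. The log path and the debug level are assumptions, the service line is the one quoted from the original post, and switching it to bypass=0 is an added diagnostic step that neither poster proposed:

```conf
# Added example, not from the thread. The log path is an assumed location.

# cache.log verbosity: level 1 everywhere, detailed tracing for ICAP only.
# Section 93 is the ICAP section named in the reply; level 5 is a chosen value.
debug_options ALL,1 93,5

# One line per ICAP transaction, to see whether Squid contacts the service
# for the affected HTTPS requests at all.
icap_log /var/log/squid/icap.log

# Service line from the original post, with bypass switched off while testing.
# With bypass=1 Squid treats the service as optional and lets a request through
# when the service fails or cannot be reached; with bypass=0 such a failure is
# returned to the client as an error instead, so it cannot go unnoticed.
icap_service service_req reqmod_precache icap://10.1.1.1:1344/icap bypass=0
```

After `squid -k reconfigure`, an affected HTTPS request that produces no line in icap.log was never sent to the service, which separates a Squid-side routing question from a service-side verdict.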