<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
11.05.16 21:04, L.P.H. van Belle wrote:<br>
<span style="white-space: pre;">><br>
> Hai,<br>
><br>
> <br>
><br>
> I reviewed your config, things that are different in c-icap.conf
compared to mine.<br>
></span><br>
Obviously, mindlessly copying and pasting the config is very bad
practice, isn't it?<br>
<span style="white-space: pre;">><br>
> RemoteProxyUsers off ( for you ) on for me.<br>
></span><br>
# TAG: RemoteProxyUsers<br>
# Format: RemoteProxyUsers onoff<br>
# Description:<br>
# Set it to on if you want to use username provided by the proxy
server.<br>
# This is the recomended way to use users in c-icap.<br>
# If the RemoteProxyUsers is off and c-icap configured to use
users or<br>
# groups the internal authentication mechanism will be used.<br>
# Default:<br>
# RemoteProxyUsers off<br>
RemoteProxyUsers off<br>
<br>
This depends on the proxy configuration, and is irrelevant to the current case.<br>
<span style="white-space: pre;">><br>
> <br>
><br>
> What's the content of /etc/c-icap/squidclamav.conf ?<br>
><br>
> The important part for me of the file :<br>
><br>
> #clamd_local /var/run/clamd.socket ! change/check this<br>
></span><br>
This is OS-dependent, obviously.<br>
<span style="white-space: pre;">><br>
> clamd_ip 127.0.0.1<br>
><br>
> clamd_port 3310<br>
><br>
> <br>
><br>
> If you use a socket, make sure your rights are correct and icap
is added to the clamav group.<br>
></span><br>
Wrong. Squid group, not clamav.<br>
<span style="white-space: pre;">><br>
> <br>
><br>
> <br>
><br>
> And my c-icap part of the squid.conf<br>
><br>
> ## Tested with Squid 3.4.8 and 3.5.x + squidclamav 6.14 and
6.15<br>
><br>
> icap_enable on<br>
><br>
> icap_send_client_ip on<br>
><br>
> icap_send_client_username on<br>
><br>
> icap_client_username_header X-Authenticated-User<br>
><br>
> icap_persistent_connections on<br>
><br>
> icap_preview_enable on<br>
><br>
> icap_preview_size 1024<br>
><br>
> icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav<br>
><br>
> adaptation_access service_req allow all<br>
><br>
> icap_service service_resp respmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav<br>
><br>
> adaptation_access service_resp allow all<br>
><br>
> <br>
><br>
> I think you changed too much in the example.<br>
><br>
> <br>
><br>
> I'm referring to these in the squid.conf<br>
><br>
> > adaptation_access service_avi_resp allow all<br>
><br>
> service_avi_resp?<br>
><br>
> <br>
></span><br>
Complete squid.conf fragment:<br>
<br>
icap_service service_avi_req reqmod_precache
icap://localhost:1344/squidclamav bypass=off<br>
adaptation_access service_avi_req allow all<br>
icap_service service_avi_resp respmod_precache
icap://localhost:1344/squidclamav bypass=on<br>
adaptation_access service_avi_resp allow all<br>
<br>
Please, PLEASE, do not make recommendations when you do not understand
what the config lines mean!<br>
<br>
<span style="white-space: pre;">><br>
> Greetz,<br>
><br>
> <br>
><br>
> Louis<br>
><br>
> <br>
><br>
> <br>
><br>
> > -----Original message-----<br>
><br>
> > From: squid-users
[<a class="moz-txt-link-freetext" href="mailto:squid-users-bounces@lists.squid-cache.org">mailto:squid-users-bounces@lists.squid-cache.org</a>] On behalf of<br>
><br>
> > C. L. Martinez<br>
><br>
> > Sent: Wednesday 11 May 2016 16:41<br>
><br>
> > To: <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
><br>
> > Subject: [squid-users] Problems configuring Squid with
C-<br>
><br>
> > ICAP+Squidclamav<br>
><br>
> > <br>
><br>
> > Hi all,<br>
><br>
> > <br>
><br>
> > I am installing a new squid proxy server under OpenBSD
5.9 with C-<br>
><br>
> > ICAP+Squidclamav, and I am having some troubles. When
squid start up and I<br>
><br>
> > request some web page, it is returning the following
error:<br>
><br>
> > <br>
><br>
> > 2016/05/11 14:22:06 kid1| essential ICAP service is
down after an options<br>
><br>
> > fetch failure: icap://localhost:1344/squidclamav
[down,!opt]<br>
><br>
> > 2016/05/11 14:23:54 kid1| suspending ICAP service for
too many failures<br>
><br>
> > <br>
><br>
> > I've read Squid's wiki page about this and I don't see
any error in my<br>
><br>
> > config. Squid's config is:<br>
><br>
> > <br>
><br>
> > icap_enable on<br>
><br>
> > icap_send_client_ip on<br>
><br>
> > icap_send_client_username on<br>
><br>
> > icap_client_username_header X-Authenticated-User<br>
><br>
> > icap_preview_enable on<br>
><br>
> > icap_preview_size 1024<br>
><br>
> > #icap_service_failure_limit -1<br>
><br>
> > icap_service service_avi_req reqmod_precache<br>
><br>
> > icap://localhost:1344/squidclamav bypass=off<br>
><br>
> > adaptation_access service_avi_req allow all<br>
><br>
> > icap_service service_avi_resp respmod_precache<br>
><br>
> > icap://localhost:1344/squidclamav bypass=on<br>
><br>
> > adaptation_access service_avi_resp allow all<br>
><br>
> > <br>
><br>
> > And c-icap's config is:<br>
><br>
> > <br>
><br>
> > PidFile /var/run/c-icap/c-icap.pid<br>
><br>
> > CommandsSocket /var/run/c-icap/c-icap.ctl<br>
><br>
> > Timeout 300<br>
><br>
> > MaxKeepAliveRequests 100<br>
><br>
> > KeepAliveTimeout 600<br>
><br>
> > StartServers 3<br>
><br>
> > MaxServers 10<br>
><br>
> > MinSpareThreads 10<br>
><br>
> > MaxSpareThreads 20<br>
><br>
> > ThreadsPerChild 10<br>
><br>
> > MaxRequestsPerChild 0<br>
><br>
> > Port 1344<br>
><br>
> > TmpDir /var/tmp<br>
><br>
> > MaxMemObject 131072<br>
><br>
> > DebugLevel 1<br>
><br>
> > Pipelining on<br>
><br>
> > ModulesDir /usr/local/lib/c_icap<br>
><br>
> > ServicesDir /usr/local/lib/c_icap<br>
><br>
> > TemplateDir /usr/local/share/c_icap/templates/<br>
><br>
> > LoadMagicFile /etc/c-icap/c-icap.magic<br>
><br>
> > RemoteProxyUsers off<br>
><br>
> > RemoteProxyUserHeader X-Authenticated-User<br>
><br>
> > RemoteProxyUserHeaderEncoded on<br>
><br>
> > acl localhost src 127.0.0.1/255.255.255.255<br>
><br>
> > acl ALLREQUESTS type RESPMOD REQMOD<br>
><br>
> > icap_access allow localhost ALLREQUESTS<br>
><br>
> > icap_access deny all<br>
><br>
> > ServerLog /var/log/c-icap/server.log<br>
><br>
> > AccessLog /var/log/c-icap/access.log<br>
><br>
> > Logger file_logger<br>
><br>
> > Module logger sys_logger.so<br>
><br>
> > Service squidclamav squidclamav.so<br>
><br>
> > <br>
><br>
> > Any idea what am I doing wrong?? How can I do a simple
test against c-<br>
><br>
> > icap server from command line??<br>
><br>
> > <br>
><br>
> > Thanks.<br>
><br>
> > <br>
><br>
> > --<br>
><br>
> > Greetings,<br>
><br>
> > C. L. Martinez<br>
><br>
> > <br>
><br>
> > _______________________________________________<br>
><br>
> > squid-users mailing list<br>
><br>
> > <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
><br>
> > <a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
></span><br>
<br>
<br>
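Added example, not part of the original messages: the "options fetch failure" in the quoted Squid log means the ICAP OPTIONS request to icap://localhost:1344/squidclamav got no usable answer, and the same request can be sent by hand to test c-icap without Squid in the path. The function names and the sample response are hypothetical/constructed; host, port and service name are the ones from the thread.<br>
<pre>
```python
import socket

# Added example: names are hypothetical; SAMPLE_RESPONSE is constructed.
SAMPLE_RESPONSE = (
    b"ICAP/1.0 200 OK\r\n"
    b"Methods: RESPMOD, REQMOD\r\n"
    b"Preview: 1024\r\n"
    b"Encapsulated: null-body=0\r\n\r\n"
)

def build_options_request(host, port, service):
    """Bytes of an ICAP OPTIONS request (RFC 3507) for one service URI."""
    return (f"OPTIONS icap://{host}:{port}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n"
            "User-Agent: icap-options-probe\r\n\r\n").encode("ascii")

def parse_icap_response(raw):
    """Return (status_code, reason, headers) from an ICAP response head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    version, _, rest = lines[0].partition(" ")
    code, _, reason = rest.partition(" ")
    if not version.startswith("ICAP/") or not code.isdigit():
        raise ValueError("not an ICAP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(code), reason, headers

def probe(host="localhost", port=1344, service="squidclamav", timeout=5.0):
    """Send OPTIONS and summarise the answer; a failure here is what Squid logs."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_options_request(host, port, service))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                raw += chunk
        code, reason, headers = parse_icap_response(raw)
    except (OSError, ValueError) as exc:
        return {"ok": False, "error": str(exc)}
    return {"ok": code == 200, "status": code, "reason": reason,
            "methods": headers.get("methods"), "preview": headers.get("preview")}

if __name__ == "__main__":
    print(probe())
```
</pre>
A connection error points at the c-icap listener (Port, icap_access), while a non-200 status points at the service itself, for example the module failing to load or to reach clamd.<br>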
</body>
</html>