<div dir="ltr">Hi,<div><br></div><div>The flow is the following:</div><div>ICAP transaction is sent to ICAP server with a PREVIEW header</div><div>ICAP server sends ICAP header 100 Continue </div><div>ICAP server sends ICAP header 200 OK to start data transfer</div><div><data transfer begins></div><div>ICAP server receives a chunk, checks if its the last chunk, if not then append to temp file and send it back to Squid; if it is the last chunk then analyze the temp file for virus.</div><div><repeat for next data transfer></div><div>If virus found then send encapsulated HTTP header 307 redirect.</div><div>If virus not found, send the last chunk to squid.</div><div><br></div><div>The part where we send 307 is the part that Squid doesn't like, I believe is because we are not sending the last chunk since the file is a virus.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Nov 26, 2019 at 4:52 PM Alex Rousskov <<a href="mailto:rousskov@measurement-factory.com">rousskov@measurement-factory.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On 11/26/19 2:52 PM, Felipe Arturo Polanco wrote:<br>
<br>
> We are sending an encapsulated HTTP 307 redirect webpage header whenever<br>
> a Virus is found and stop sending any other data after that<br>
<br>
You must use ICAP status code 200 then. Make sure your encapsulated HTTP<br>
307 body (if any) is properly sent to Squid.<br>
<br>
<br>
> but squid<br>
> complains about ICAP failure when we do that:<br>
> Adaptation::Icap::Xaction::noteCommRead threw exception: corrupted chunk<br>
> size<br>
<br>
What chunk size did Squid not like? You should be able to tell by<br>
looking at the packet capture of the failed transaction (or low-level<br>
Squid debugging).<br>
<br>
<br>
> We are not sending an ICAP header at this point because we already told<br>
> Squid ICAP 200 OK header and begun a body transaction, we send some<br>
> chunks back to the client for progress and hold the last part for scanning.<br>
<br>
Are you sending HTTP 307 body chunks to Squid? How do you indicate that<br>
no more chunks will be coming?<br>
<br>
It sounds like you are trying to cram two HTTP messages (one with the<br>
original HTTP response body prefix and one with a generated 307<br>
redirect) into one ICAP response, which is impossible, but perhaps I<br>
misunderstood your description. It would help if you post a sample (but<br>
complete) ICAP response that Squid does not like.<br>
<br>
<br>
> Ideally, we would like to just send our 307 to Squid and not having it<br>
> count as a failure.<br>
<br>
Yes, a 200 ICAP response with an embedded HTTP 307 response should work<br>
just fine, but all its pieces should be properly formed (and there<br>
should be no extras).<br>
<br>
Alex.<br>
<br>
<br>
> On Tue, Nov 26, 2019 at 3:44 PM Alex Rousskov wrote:<br>
> <br>
> On 11/26/19 10:15 AM, Felipe Arturo Polanco wrote:<br>
> <br>
> > While we can successfully scan our files and do content adaptation, we<br>
> > have been struggling to find a way to close the ICAP transaction<br>
> before<br>
> > passing the whole body back to squid and at the same time avoid squid<br>
> > marking one icap failure.<br>
> <br>
> Squid needs a valid ICAP response. The right ICAP response status code<br>
> depends on what you want Squid to do after receiving that response. You<br>
> have mentioned what you do _not_ want Squid to do (i.e. increase the<br>
> failure count), but that still leaves a lot of options.<br>
> <br>
> <br>
> > This is for an ICAP server that does Virus scanning and if virus<br>
> found,<br>
> > the body is not sent back.<br>
> <br>
> What do you want Squid to do when the ICAP service finds a virus? For<br>
> example, what message do you want Squid to send to the next HTTP hop?<br>
> <br>
> Alex.<br>
> <br>
<br>
</blockquote></div>