<div dir="ltr">I've got a bit further with this and I'm starting to understand ICAP talk.<div><br></div><div>I've got a Go server working which I can talk to through netcat:</div><div><br></div><div>$ nc localhost 1344<br>REQMOD icap://<a href="http://192.168.0.7/">192.168.0.7/</a> ICAP/1.0<br>GET / HTTP/1.1<br>Host: dvwa.test<br>Accept: text/html, text/plain, image/gif<br>Accept-Encoding: gzip, compress<br><br>ICAP/1.0 200 OK<br>Encapsulated: req-hdr=0, null-body=141<br><br>GET / HTTP/1.1<br>Host: dvwa.test<br>Accept: text/html, text/plain, image/gif<br>Accept-Encoding: gzip, compress<br>X-Modified-By: Go ICAP Server<br><br><br>On the server side I see:</div><div><br></div><div>This is the request<br><br>REQMOD icap://<a href="http://192.168.0.7/">192.168.0.7/</a> ICAP/1.0<br><br>Received request: REQMOD icap://<a href="http://192.168.0.7/">192.168.0.7/</a> ICAP/1.0<br>Original Request Headers:<br>GET / HTTP/1.1<br>Host: dvwa.test<br>Accept: text/html, text/plain, image/gif<br>Accept-Encoding: gzip, compress<br><br><br>Modified request sent back<br><br>ICAP/1.0 200 OK<br>Encapsulated: req-hdr=0, null-body=141<br><br>GET / HTTP/1.1<br>Host: dvwa.test<br>Accept: text/html, text/plain, image/gif<br>Accept-Encoding: gzip, compress<br>X-Modified-By: Go ICAP Server<br><br><br>If I try to use curl through Squid pointing at that server:</div><div><br></div><div>$ curl "<a href="http://dvwa.test/a?xsa">http://dvwa.test/a?xsa</a>" --proxy localhost:3128</div><div><br></div><div>dvwa.test is at 192.168.0.42.</div><div><br></div><div>I get this in the ICAP server: </div><div><br></div><div>This is the request<br><br>REQMOD icap://<a href="http://192.168.0.7:1344/">192.168.0.7:1344/</a> ICAP/1.0<br><br>Received request: REQMOD icap://<a href="http://192.168.0.7:1344/">192.168.0.7:1344/</a> ICAP/1.0<br>Original Request Headers:<br>Host: <a href="http://192.168.0.7:1344">192.168.0.7:1344</a><br>Date: Fri, 07 Feb 2025 12:26:25 GMT<br>Encapsulated: req-hdr=0, null-body=93<br>Allow: 204, trailers<br><br><br>Modified request sent back<br><br>ICAP/1.0 200 OK<br>Encapsulated: req-hdr=0, null-body=155<br><br>Host: <a href="http://192.168.0.7:1344">192.168.0.7:1344</a><br>Date: Fri, 07 Feb 2025 12:26:25 GMT<br>Encapsulated: req-hdr=0, null-body=93<br>Allow: 204, trailers<br>X-Modified-By: Go ICAP Server<br></div><div><br></div><div>Squid then gives the same error as before, ERR_ICAP_FAILURE.</div><div><br></div><div>Robin</div></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Fri, 7 Feb 2025 at 10:15, Robin Wood <squid@digi.ninja> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi<div>I want to write my own ICAP server, but all the sample code I've found is failing, the majority with this error from squidclient:</div><div><br></div><div>squidclient -h 192.168.0.7 -p 1344 icap://<a href="http://192.168.0.7:1344/request_mod" target="_blank">192.168.0.7:1344/request_mod</a><br>ICAP/1.0 400 Bad Request<br><br></div><div><div>And this error when accessed through Squid itself:</div><div><br></div><div>ICAP protocol error.<br><br>The system returned: [No Error]<br><br>This means that some aspect of the ICAP communication failed.</div></div><div><br></div><div>I've got this in my squid.conf:</div><div><br></div><div># Enable ICAP for request and response modification<br>icap_enable on<br>icap_service service_req reqmod_precache icap://<a href="http://192.168.0.7:1344/request_mod" target="_blank">192.168.0.7:1344/request_mod</a><br>icap_service service_resp respmod_precache icap://<a href="http://192.168.0.7:1344/response_mod" target="_blank">192.168.0.7:1344/response_mod</a><br><br># ICAP adaptation rules<br>adaptation_access service_req allow all<br>adaptation_access service_resp allow all<br></div><div><br></div><div>And I've tried running both Python and Ruby servers taken from various places. A lot are logging that they've received and replied to requests:</div><div><br></div><div>Received request: OPTIONS icap://<a href="http://192.168.0.7:1344/request_mod" target="_blank">192.168.0.7:1344/request_mod</a> ICAP/1.0<br>Responded to OPTIONS request<br></div><div><br></div><div>The servers are all listening, I've checked that:</div><div><br></div><div>$ ss -antp | grep 1344<br>LISTEN     0      4096                       <a href="http://0.0.0.0:1344" target="_blank">0.0.0.0:1344</a>                  0.0.0.0:*     users:(("ruby",pid=563029,fd=5))</div><div><br></div><div>The closest I've got is this one:</div><div><br></div><div><a href="https://gist.github.com/digininja/a98b3567e0aeb218d37cdd337bb12f34" target="_blank">https://gist.github.com/digininja/a98b3567e0aeb218d37cdd337bb12f34</a></div><div><br></div><div>It seems to be working as it sees the headers and says it has returned data:</div><div><br></div><div>Received request: REQMOD icap://<a href="http://192.168.0.7:1344/request_mod" target="_blank">192.168.0.7:1344/request_mod</a> ICAP/1.0<br>Original Headers:<br>Host: <a href="http://192.168.0.7:1344" target="_blank">192.168.0.7:1344</a><br>Date: Fri, 07 Feb 2025 10:10:30 GMT<br>Encapsulated: req-hdr=0, null-body=91<br>Preview: 0<br>Allow: 204, trailers<br>Modified request sent back<br></div><div><br></div><div>But I still get errors.</div><div><br></div><div>What could be wrong?</div><div><br></div><div>Does someone have some example server code they know works that I can test to help debug it?</div><div><br></div><div>Robin</div></div>
</blockquote></div>