[squid-users] ICAP question
James Lay
jlay at slave-tothe-box.net
Sun Oct 9 19:40:39 UTC 2016
On Sun, 2016-10-09 at 12:43 -0600, Alex Rousskov wrote:
> On 10/09/2016 11:02 AM, James Lay wrote:
>
> >
> > WARNING: Squid is configured to use ICAP method REQMOD for service
> > icap://localhost:1344/srv_cfg_filter but OPTIONS response declares
> > the
> > methods are RESPMOD
> If your srv_content_filtering.so service does not need to see HTTP
> requests, then you can remove srv_cfg_filter_req from your Squid
> configuration.
>
> If your srv_content_filtering.so service needs to see both HTTP
> requests
> and responses, then you have two options, in no particular order:
>
> A) Tell c-icap and/or srv_content_filtering.so to send a "Methods:
> REQMOD,RESPMOD" ICAP response header field in OPTIONS response.
> Sorry, I
> do not know how to do that in c-icap and even whether that is
> actually
> possible with that software. Please note that using one service URI
> for
> two modes is not uncommon in the ICAP world, but violates the
> following
> ICAP RFC 3507 MUST:
>
> Each service should have a distinct URI
> and support only one method in addition to OPTIONS
>
> B) Use different ICAP service URIs for different services (REQMOD and
> RESPMOD) and configure each service appropriately on both Squid and
> c-icap side. This is what RFC 3507 wants you to do. For example, some
> ICAP servers and services would allow you to use these URIs:
>
> * for REQMOD: icap://localhost:1344/srv_cfg_filter?mode=REQMOD
> * for RESPMOD: icap://localhost:1344/srv_cfg_filter?mode=RESPMOD
>
>
> IIRC, Squid will try to use your service in both modes despite that
> WARNING. However, I do not know whether c-icap and that service
> itself
> will be happy about receiving REQMOD requests.
>
>
> HTH,
>
> Alex.
>
>
>
> >
> > Here's the icap snippet from squid.conf:
> >
> > icap_enable on
> > icap_send_client_ip on
> > icap_persistent_connections on
> > icap_service srv_cfg_filter_req reqmod_precache
> > icap://localhost:1344/srv_cfg_filter bypass=on
> > adaptation_access srv_cfg_filter_req allow all
> > icap_service srv_cfg_filter_resp respmod_precache
> > icap://localhost:1344/srv_cfg_filter bypass=off
> > adaptation_access srv_cfg_filter_resp allow all
> >
> > interesting c-icap.conf bits:
> >
> > ModulesDir /opt/icap/lib/c_icap
> > ServicesDir /opt/icap/lib/c_icap
> > acl localhost src 127.0.0.1/255.255.255.255
> > acl PERMIT_REQUESTS type REQMOD RESPMOD
> > icap_access allow localhost PERMIT_REQUESTS
> > icap_access deny all
> > Include srv_content_filtering.conf
> >
> > lastly, srv_content_filtering.conf:
> >
> > Service srv_cfg_filter srv_content_filtering.so
> > srv_content_filtering.Match default body /(test)/ig score=5
> > LogFormat mySrvContentFiltering "%tl, %>a %im %is %huo [Scores:
> > %{srv_content_filtering:scores}Sa] [ActionFilter:
> > %{srv_content_filtering:action_filter}Sa] [Action:
> > %{srv_content_filtering:action}Sa]"
> >
> > not sure why I can't seem to get this to fly...any assistance would
> > be
> > appreciated...thank you.
Thank you Alex....I followed:
http://wiki.squid-cache.org/ConfigExamples/ContentAdaptation/C-ICAP
As best I could, but it looks like that adapter needs something
different. I'll report my results here once I get it fixed.
James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20161009/2a7ddb89/attachment.html>
More information about the squid-users
mailing list