[squid-users] Squid 3.5 ICAP Problems
Stephen Stark
logic4life at gmail.com
Thu Nov 2 16:29:51 UTC 2017
Hello everyone,
I am having problems using Squid with ICAP (C-ICAP and clamd). The thing
that is bugging me is I had this was working fine and now it cannot connect
to the local ICAP service.
Below is the debug section 93,3 to see what was going on when I restarted
Squid:
2017/11/02 12:06:34.546 kid1| 93,3| ServiceRep.cc(712) detach: detaching
ICAP service: icap://127.0.0.1:1344/virus_scan [down,!opt]
2017/11/02 12:06:34.546 kid1| 93,3| ServiceRep.cc(712) detach: detaching
ICAP service: icap://127.0.0.1:1344/srv_content_filtering [down,!opt]
2017/11/02 12:06:34.548 kid1| 93,3| Service.cc(19) Service: creating
adaptation service service_cfi_resp
2017/11/02 12:06:34.548 kid1| 93,3| Service.cc(19) Service: creating
adaptation service service_avi_resp
2017/11/02 12:06:34.548 kid1| 93,3| Config.cc(195) finalize: Created 2
adaptation services
2017/11/02 12:06:34.548 kid1| Adaptation support is on
2017/11/02 12:06:34.548 kid1| 93,2| Config.cc(211) FinalizeEach:
Initialized 2 message adaptation services
2017/11/02 12:06:34.548 kid1| 93,2| Config.cc(211) FinalizeEach:
Initialized 1 message adaptation service groups
2017/11/02 12:06:34.548 kid1| 93,2| Config.cc(211) FinalizeEach:
Initialized 3 message adaptation access rules
2017/11/02 12:06:51.415 kid1| 93,3| AccessCheck.cc(196) callBack: NULL
2017/11/02 12:06:51.415 kid1| 93,3| client_side_request.cc(1074)
noteAdaptationAclCheckDone: 0x10dd728 adaptationAclCheckDone called
2017/11/02 12:06:51.454 kid1| 93,3| AccessCheck.cc(196) callBack: 0xd45b80*2
2017/11/02 12:06:51.454 kid1| 93,3| Xaction.cc(60) Xaction:
Adaptation::Icap::ModXact constructed, this=0x124c4b8 [icapxjob146537]
2017/11/02 12:06:51.454 kid1| 93,3| Xaction.cc(60) Xaction:
Adaptation::Icap::OptXact constructed, this=0x120c818 [icapxjob146539]
2017/11/02 12:06:51.454 kid1| 93,3| ServiceRep.cc(122) getConnection: got
connection:
2017/11/02 12:06:51.454 kid1| 93,3| Xaction.cc(145) openConnection:
Adaptation::Icap::OptXact opens connection to 127.0.0.1:1344
2017/11/02 12:06:51.454 kid1| 93,3| AsyncCall.cc(26) AsyncCall: The
AsyncCall Adaptation::Icap::Xaction::noteCommConnected constructed,
this=0x10a1ed0 [call901778]
2017/11/02 12:06:51.454 kid1| 93,3| AsyncCall.cc(93) ScheduleCall:
ConnOpener.cc(137) will call
Adaptation::Icap::Xaction::noteCommConnected(local=[::] remote=
127.0.0.1:1344 flags=1, errno=101, flag=-8, data=0x120c818) [call901778]
2017/11/02 12:06:51.454 kid1| 93,3| AsyncCallQueue.cc(55) fireNext:
entering Adaptation::Icap::Xaction::noteCommConnected(local=[::] remote=
127.0.0.1:1344 flags=1, errno=101, flag=-8, data=0x120c818)
2017/11/02 12:06:51.454 kid1| 93,3| AsyncCall.cc(38) make: make call
Adaptation::Icap::Xaction::noteCommConnected [call901778]
2017/11/02 12:06:51.454 kid1| 93,3| AsyncJob.cc(123) callStart:
Adaptation::Icap::OptXact status in: [/ job146539]
2017/11/02 12:06:51.454 kid1| 93,2| Xaction.cc(272) dieOnConnectionFailure:
Adaptation::Icap::OptXact failed to connect to icap://
127.0.0.1:1344/virus_scan
2017/11/02 12:06:51.454 kid1| 93,3| ServiceRep.cc(161)
noteConnectionFailed: Connection failed: failure
2017/11/02 12:06:51.454 kid1| 93,3| ../../../src/base/AsyncJobCalls.h(177)
dial: Adaptation::Icap::Xaction::noteCommConnected threw exception: cannot
connect to the ICAP service
2017/11/02 12:06:51.454 kid1| 93,3| Xaction.cc(71) ~Xaction:
Adaptation::Icap::OptXact destructed, this=0x120c818 [icapxjob146539]
2017/11/02 12:06:51.454 kid1| 93,3| AsyncCallQueue.cc(57) fireNext: leaving
Adaptation::Icap::Xaction::noteCommConnected(local=[::] remote=
127.0.0.1:1344 flags=1, errno=101, flag=-8, data=0x120c818)
2017/11/02 12:06:51.454 kid1| 93,3| Launcher.cc(95) noteXactAbort: cannot
retry or repeat a failed transaction
2017/11/02 12:06:51.454 kid1| 93,3| ServiceRep.cc(534)
noteAdaptationAnswer: failed to fetch options [down,!opt,fail1]
2017/11/02 12:06:51.454 kid1| optional ICAP service is down after an
options fetch failure: icap://127.0.0.1:1344/virus_scan [down,!opt]
Looks like it load my rules and then tries to connect and fails. I read
almost every post I could find but do not seem to have the same problem.
I can use the c-icap-client and test each service. It looks fine.
># ./c-icap-client -s virus_scan
ICAP server:localhost, ip:127.0.0.1, port:1344
OPTIONS:
Allow 204: Yes
Preview: 1024
Keep alive: Yes
ICAP HEADERS:
ICAP/1.0 200 OK
Methods: RESPMOD, REQMOD
Service: C-ICAP/0.4.3 server - Antivirus service
ISTag: CI0001-J8gT2j9ufFux2fjZGxq1qAAA
Transfer-Preview: *
Options-TTL: 3600
Date: Thu, 02 Nov 2017 16:17:15 GMT
Preview: 1024
Allow: 204
Encapsulated: null-body=0
># ./c-icap-client -s virus_scan -f /bin/ls
ICAP server:localhost, ip:127.0.0.1, port:1344
No modification needed (Allow 204 response)
I can post some of my squid.conf file below for icap options:
icap_enable on
adaptation_send_client_ip on
icap_persistent_connections on
icap_service_failure_limit -1
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_cfi_resp respmod_precache icap://
127.0.0.1:1344/srv_content_filtering routing=on bypass=on
icap_service service_avi_resp respmod_precache icap://
127.0.0.1:1344/virus_scan routing=on bypass=on
adaptation_service_chain check_services service_avi_resp service_cfi_resp
adaptation_access check_services allow Antivirus_users
adaptation_access service_avi_resp deny all
adaptation_access service_cfi_resp deny all
If you need more information I can provide it. I am stuck at why this does
not work anymore.
Note: this is basic linux box running Squid 3.5.22 with C-ICAP 0.4.3 and
ClamAV 0.99.2 also i am not using caching with squid.
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20171102/9e6d68b7/attachment-0001.html>
More information about the squid-users
mailing list