[squid-users] icap not answering
Marcus Kool
marcus.kool at urlfilterdb.com
Sun Mar 3 10:11:07 UTC 2019
Squid is an ICAP client, not an ICAP server!, and does not repond on port 1344.
Marcus
On 02/03/2019 22:29, steven wrote:
> Hi,
>
>
> i would like todo modifications on https connections and therefore enabled ssl bump in squid 4.4, now i would like to see the real traffic and icap looks like a way to watch and change that traffic.
>
> but squid is not answering to icap://127.0.0.1:1344 when using pyicap or telnet.
>
> the telnet error is:
>
> telnet 127.0.0.1 1344
> Trying 127.0.0.1...
> telnet: Unable to connect to remote host: Connection refused
>
> which is imho good because it tells me that something is answering on that port after all.
>
> did i misconfigure something?
>
>
>
> config:
>
> debug_options 28,9
> #icap
> icap_enable on
> icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/reqmod
> adaptation_access service_req allow all
> icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/respmod
> adaptation_access service_resp allow all
> acl localnet src 127.0.0.1/32 192.168.10.0/24
> http_access allow localnet
> acl SSL_ports port 443
> acl CONNECT method CONNECT
> #http_access deny !Safe_ports
> #http_access deny CONNECT !SSL_ports
> http_access allow localhost manager
> http_access deny manager
> include /etc/squid/conf.d/*
> http_access allow localhost
> coredump_dir /var/spool/squid
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> # default end
> # my config
> http_port 3128 accel ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
> https_port 3129 ssl-bump intercept generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
> sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db -M 4MB
> acl step1 at_step SslBump1
>
> ssl_bump peek step1
> ssl_bump bump all
>
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list