[squid-users] icap not answering

steven commercials24 at yahoo.de
Sun Mar 10 19:26:13 UTC 2019 

On 05.03.19 06:13, Amos Jeffries wrote:
> On 5/03/19 12:10 pm, steven wrote:
>> Ah thank you for that clarification, the python icap servers i tested so
>> far are not very promissing but at least theres a connection now.
>>
>> sadly squid does not allow http access at all, only https access.
>>
> Er, that would be because the only http_port you have is configured with
> 'accl' - making it a reverse-proxy port. But you do not have any
> cache_peer configured to handle that type of traffic.
>
>
> So, is there any particular reason you have that port receiving 'accel'
> / reverse-proxy mode traffic?
>   If not remove that mode flag and things should all work for HTTP too.
>

removed the accel mode but still no luck with http, when opening the adress:

http://squid-web-proxy-cache.1019090.n4.nabble.com/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html


The following error was encountered while trying to retrieve the URL: 
/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html 
<http://squid-web-proxy-cache.1019090.n4.nabble.com/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html>


invalid url




in this tutorial:

https://www.reddit.com/r/sysadmin/comments/a67hly/squid_proxy_a_short_guide_forward_transparent/


the guy uses two ports for http like this:

|http_port 3128 # Listen on this HTTP port, intercepting requests 
http_port 3129 intercept and then with iptables he redirects 80 to port 
3129 which does not work here :( export 
http_proxy=http://192.168.10.215:3140 && wget google.de # im using 3140 
as intercept port. config at the end. --2019-03-10 20:20:56-- 
http://google.de/ Connecting to 192.168.10.215:3140... connected. Proxy 
request sent, awaiting response... 403 Forbidden 2019-03-10 20:20:56 
ERROR 403: Forbidden. |

cache.log entry:

2019/03/10 20:16:20 kid1| WARNING: Forwarding loop detected for:
GET / HTTP/1.1
User-Agent: Wget/1.19.4 (linux-gnu)
Accept: */*
Accept-Encoding: identity
Via: 1.1 backup (squid/4.4)
Cache-Control: max-age=259200
Connection: keep-alive
Host: google.de



and with:

export http_proxy=http://192.168.10.215:3129 && wget google.de

no cache .log entry, wget output:

--2019-03-10 20:22:42--  (try: 2)  http://google.de/
Connecting to 192.168.10.215:3129... connected.
Proxy request sent, awaiting response... No data received.
Retrying.


why does my client get a 403?






grep -v '#' squid.conf


icap_enable off
icap_preview_enable off
icap_send_client_ip on
icap_send_client_username on
icap_service service_req reqmod_precache bypass=1 
icap://127.0.0.1:1344/request
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0 
icap://127.0.0.1:1344/response
adaptation_access service_resp allow all
acl localnet src 192.168.10.0/24
http_access allow localnet
coredump_dir /var/spool/squid
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern .        0    20%    4320
http_port 3128
http_port 3140 intercept
https_port 3129 ssl-bump intercept generate-host-certificates=on 
dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/ssl_db 
-M 4MB
acl step1 at_step SslBump1

ssl_bump peek step1
ssl_bump bump all




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20190310/a6106f66/attachment.html>

More information about the squid-users mailing list