[squid-users] Squid 3.5 - icap parsing error

VON EUW Andreas andreas.voneuw at axa.com
Fri Aug 28 20:29:14 UTC 2020


Hi all,

I'm trying to integrate a Squid Cache version 3.5.20 for x86_64-redhat-linux-gnu with a Symantec Protection Engine 8.1 to do virus scaning in a reverse proxy setup.
I do send all POST requests to our virus scan engine. But icap integration does not work as expected. Squid does send a OPTIONS request to the icap server.
We get a valid answer from Symantec Protection Engine. But squid fails afterwards with a parsing exception:

2020/08/26 10:04:54.590| 58,3| HttpMsg.cc(173) parse: HttpMsg::parse: failed to find end of headers (eof: 0) in 'ICAP/1.0 200 OK
Date: Wed Aug 26 08:04:54 2020 GMT
Methods: REQMOD
Service: Symantec Protection Engine/8.1.0.29
Service-ID: SYMCSCANREQ-AV
ISTag: "0FF01DDE4872272B6F445AED8643888C"
X-Definition-Info: 20200825.022
Max-Connections: 32
X-Allow-Out: X-Outer-Container-Is-Mime, X-Infection-Found, X-Definition-Info, X-AV-License
X-Allow-Out: X-Violations-Found
X-Allow-Out: X-SYMANTEC-URL-Definition-Info, X-CAIC-URL-Definition-Info, X-SYMANTEC-URLReputation-Definition-Info, X-URL-License, X-URL-Reputation-License
Allow: 204
Options-TTL: 3600
Preview: 4
Transfer-Preview: *
X-AV-License: 1
X-URL-License: 1
X-URL-Reputation-License: 1
'

Does somebody has an idea what's going wrong here? Is this a known squid/icap bug?

Attached: log, config and tcpdumps from icap server 1 and 2 (squid does connect thru a loadbalancer to the icap server)


IPs in the tcpdump:

Squid has IP 10.64.7.145

ICAP Server has IP: 10.140.28.144



Relevant Time in squid.log: 2020/08/26 10:04:54 (= 2020/08/26 08:04:54 icap server time)

Thanks and kind regards,
 Andy


Andreas von Euw

Java Dev Support
AXA Group Operations

andreas.voneuw at axa.com<mailto:andreas.voneuw at axa-tech.com>

Ce message est confidentiel; Son contenu ne represente en aucun cas
un engagement de la part de AXA  sous reserve de tout accord conclu
par ecrit  entre vous et  AXA.  Toute publication,  utilisation  ou 
diffusion,  meme partielle,  doit etre autorisee prealablement.  Si
vous  n'etes pas  destinataire  de ce message,  merci  d'en avertir 
immediatement l'expediteur.

This message is  confidential;  its  contents  do not  constitute a
commitment by AXA  except where provided for in a written agreement 
between you and AXA.  Any unauthorised disclosure,  use or dissemi-
nation, either whole or partial,  is prohibited. If you are not the
intended recipient of the message,  please notify  the sender imme-
diately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200828/8178c8ea/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid-icap.conf
Type: application/octet-stream
Size: 393 bytes
Desc: squid-icap.conf
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200828/8178c8ea/attachment-0003.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dump.rar
Type: application/octet-stream
Size: 1786 bytes
Desc: dump.rar
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200828/8178c8ea/attachment-0004.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid.log.rar
Type: application/octet-stream
Size: 7146 bytes
Desc: squid.log.rar
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20200828/8178c8ea/attachment-0005.obj>


More information about the squid-users mailing list