[squid-users] Squid and c-icap's srv_url_check module
Amos Jeffries
squid3 at treenet.co.nz
Fri Jun 19 09:29:42 UTC 2020
On 19/06/20 8:46 pm, Amiq Nahas wrote:
> On Wed, Jun 17, 2020 at 8:28 PM Amos Jeffries wrote:
>>
>>> Browser does prompt for user credentials just like the squid.conf is
>>> configured to do, but it is not blocking websites.
>>>
>>> However, when I execute c-icap-client from command line it blocks the
>>> blocklisted websites.
>>> To check with c-icap-client I have used the below command:
>>> `c-icap-client -s url_check -x "X-Authenticated-User: dXNlcjE=" -req
>>> "https://www.facebook.com/" -v`
>>>
>>> So if the blocking from c-icap client is working but blocking from
>>> browser is not working then
>>
>> Please define "blocking from c-icap"
>> Please define "blocking from browser"
>
> Squid is being used as a manual proxy at localhost:3128 in firefox,
> and as a way of authenticating a user (proxy authentication), in my
> case I am the sole user.
> Squid is configured and is being used by the browser on the same machine.
>
> When I said blocking from browser is not happening,
> I meant that when I use the browser to access a website it is not blocked,
> where as, when c-icap-client is used to make a request using the command
> `c-icap-client -s url_check -x "X-Authenticated-User: dXNlcjE=" -req
> "https://www.facebook.com/" -v`
> I get the response saying the website is blocked.
>
> ls> > So what could be it? Please let me know if any other piece of
>>> information is required, I am not sure what else could be of use.
>>>
>>
>> Log trace(s) from a transaction that you think is failing to start with.
>> Squid access.log and c-icap log. Maybe a Squid cache.log trace with
>> debug_options 11,2 or ALL,2
>
> Squid logs access.log and cache.log do contain the logs of requested
> websites requested via browser.
> I enabled debug_options ALL,2 and here are the logs:
Looks like traffic is fine and Squid operational, but no sign of any
ICAP activity. I think try adding this to your config:
adaptation_access svcBlocker allow all
Its supposed to be the default action, but just to be sure add it
explicitly.
Amos
More information about the squid-users
mailing list