|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 11.05.16 21:04, L.P.H. van Belle пишет: > > Hai, > > > > I reviewd your config, thing whats different in c-icap.conf compared to me. > Obviously, the mindless copying and pasting the config - very bad practice, is not it? > > RemoteProxyUsers off ( for you ) on for me. > # TAG: RemoteProxyUsers # Format: RemoteProxyUsers onoff # Description: # Set it to on if you want to use username provided by the proxy server. # This is the recomended way to use users in c-icap. # If the RemoteProxyUsers is off and c-icap configured to use users or # groups the internal authentication mechanism will be used. # Default: # RemoteProxyUsers off RemoteProxyUsers off This is depending proxy configuration. And irrelevant current case. > > > > Whats the content of /etc/c-icap/squidclamav.conf ? > > The important part for me of the file : > > #clamd_local /var/run/clamd.socket ! change/check this > This is OS-dependent, as obvious. > > clamd_ip 127.0.0.1 > > clamd_port 3310 > > > > If you use socket make sure your rights are correct and icap is added to the clamav group. > Wrong. Squid group, not clamav. > > > > > > And my c-icap part of the squid.conf > > ## Tested with Squid 3.4.8 and 3.5.x + squidclamav 6.14 and 6.15 > > icap_enable on > > icap_send_client_ip on > > icap_send_client_username on > > icap_client_username_header X-Authenticated-User > > icap_persistent_connections on > > icap_preview_enable on > > icap_preview_size 1024 > > icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav > > adaptation_access service_req allow all > > icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav > > adaptation_access service_resp allow all > > > > I think you changed to much in the example. > > > > Im reffering to these in the squid.conf > > > adaptation_access service_avi_resp allow all > > service_avi_resp? > > > Complete squid.conf fragment: icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off adaptation_access service_avi_req allow all icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on adaptation_access service_avi_resp allow all Please, PLEASE, do not make recommendation when you not understand what does config lines means! > > Greetz, > > > > Louis > > > > > > > -----Oorspronkelijk bericht----- > > > Van: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] Namens > > > C. L. Martinez > > > Verzonden: woensdag 11 mei 2016 16:41 > > > Aan: squid-users@xxxxxxxxxxxxxxxxxxxxx > > > Onderwerp: Problems configuring Squid with C- > > > ICAP+Squidclamav > > > > > > Hi all, > > > > > > I am installing a new squid proxy server under OpenBSD 5.9 with C- > > > ICAP+Squidclamav, and I am having some troubles. When squid start up and I > > > request some web page, it is returning the following error: > > > > > > 2016/05/11 14:22:06 kid1| essential ICAP service is down after an options > > > fetch failure: icap://localhost:1344/squidclamav [down,!opt] > > > 2016/05/11 14:23:54 kid1| suspending ICAP service for too many failures > > > > > > I've read Squid's wiki page about this and I don't see any error in my > > > config. Squid's config is: > > > > > > icap_enable on > > > icap_send_client_ip on > > > icap_send_client_username on > > > icap_client_username_header X-Authenticated-User > > > icap_preview_enable on > > > icap_preview_size 1024 > > > #icap_service_failure_limit -1 > > > icap_service service_avi_req reqmod_precache > > > icap://localhost:1344/squidclamav bypass=off > > > adaptation_access service_avi_req allow all > > > icap_service service_avi_resp respmod_precache > > > icap://localhost:1344/squidclamav bypass=on > > > adaptation_access service_avi_resp allow all > > > > > > And c-icap's config is: > > > > > > PidFile /var/run/c-icap/c-icap.pid > > > CommandsSocket /var/run/c-icap/c-icap.ctl > > > Timeout 300 > > > MaxKeepAliveRequests 100 > > > KeepAliveTimeout 600 > > > StartServers 3 > > > MaxServers 10 > > > MinSpareThreads 10 > > > MaxSpareThreads 20 > > > ThreadsPerChild 10 > > > MaxRequestsPerChild 0 > > > Port 1344 > > > TmpDir /var/tmp > > > MaxMemObject 131072 > > > DebugLevel 1 > > > Pipelining on > > > ModulesDir /usr/local/lib/c_icap > > > ServicesDir /usr/local/lib/c_icap > > > TemplateDir /usr/local/share/c_icap/templates/ > > > LoadMagicFile /etc/c-icap/c-icap.magic > > > RemoteProxyUsers off > > > RemoteProxyUserHeader X-Authenticated-User > > > RemoteProxyUserHeaderEncoded on > > > acl localhost src 127.0.0.1/255.255.255.255 > > > acl ALLREQUESTS type RESPMOD REQMOD > > > icap_access allow localhost ALLREQUESTS > > > icap_access deny all > > > ServerLog /var/log/c-icap/server.log > > > AccessLog /var/log/c-icap/access.log > > > Logger file_logger > > > Module logger sys_logger.so > > > Service squidclamav squidclamav.so > > > > > > Any idea what am I doing wrong?? How can I do a simple test against c- > > > icap server from command line?? > > > > > > Thanks. > > > > > > -- > > > Greetings, > > > C. L. Martinez > > > > > > _______________________________________________ > > > squid-users mailing list > > > squid-users@xxxxxxxxxxxxxxxxxxxxx > > > http://lists.squid-cache.org/listinfo/squid-users > > > > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXM0xAAAoJENNXIZxhPexG77QIAJ483bwvMjlcTrOZAWm40brN dP+Kv0esWjr6o/VuIpFdY346eqxxMYZjtkIWXMZyd5ZR9qpQMOM2daeq2Payl6pJ WAzbr0vItTm9/EiQOx4fvUABeWabwX+5T3ifazhoeurF7XdWoibRXb8VfEGVfrjg Zjxbpow3FnqNZvkSjSpCdUPw5wnojCjq/WMHhkHh790M6PODbbq3lrEt/6Vnj5nq 2yeejXhGJZc0kXLK2Hql61qRgz8+uAMH9atorLfTrYY9yOq5VL63in8rnKN2y6ML be8kaQB7+DAuz4nh30s5go3AgtqZAbVisoNjy7ib8MU8M6OqWHyWvXBkbzLkUlQ= =gzb9 -----END PGP SIGNATURE----- |
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
