-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hm. Rare case. In general, any OS TCP stack can resolve localhost itself to 127.0.0.1 with /etc/hosts or whatever. 12.05.16 14:42, C. L. Martinez пишет: > On Wed 11.May'16 at 21:14:08 +0600, Yuri Voinov wrote: >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA256 >> >> >> 11.05.16 21:04, L.P.H. van Belle пишет: >>> >>> Hai, >>> >>> >>> >>> I reviewd your config, thing whats different in c-icap.conf compared >> to me. >>> >> Obviously, the mindless copying and pasting the config - very bad >> practice, is not it? >>> >>> RemoteProxyUsers off ( for you ) on for me. >>> >> # TAG: RemoteProxyUsers >> # Format: RemoteProxyUsers onoff >> # Description: >> # Set it to on if you want to use username provided by the proxy server. >> # This is the recomended way to use users in c-icap. >> # If the RemoteProxyUsers is off and c-icap configured to use users or >> # groups the internal authentication mechanism will be used. >> # Default: >> # RemoteProxyUsers off >> RemoteProxyUsers off >> >> This is depending proxy configuration. And irrelevant current case. >>> >>> >>> >>> Whats the content of /etc/c-icap/squidclamav.conf ? >>> >>> The important part for me of the file : >>> >>> #clamd_local /var/run/clamd.socket ! change/check this >>> >> This is OS-dependent, as obvious. >>> >>> clamd_ip 127.0.0.1 >>> >>> clamd_port 3310 >>> >>> >>> >>> If you use socket make sure your rights are correct and icap is added >> to the clamav group. >>> >> Wrong. Squid group, not clamav. >>> >>> >>> >>> >>> >>> And my c-icap part of the squid.conf >>> >>> ## Tested with Squid 3.4.8 and 3.5.x + squidclamav 6.14 and 6.15 >>> >>> icap_enable on >>> >>> icap_send_client_ip on >>> >>> icap_send_client_username on >>> >>> icap_client_username_header X-Authenticated-User >>> >>> icap_persistent_connections on >>> >>> icap_preview_enable on >>> >>> icap_preview_size 1024 >>> >>> icap_service service_req reqmod_precache bypass=1 >> icap://127.0.0.1:1344/squidclamav >>> >>> adaptation_access service_req allow all >>> >>> icap_service service_resp respmod_precache bypass=1 >> icap://127.0.0.1:1344/squidclamav >>> >>> adaptation_access service_resp allow all >>> >>> >>> >>> I think you changed to much in the example. >>> >>> >>> >>> Im reffering to these in the squid.conf >>> >>>> adaptation_access service_avi_resp allow all >>> >>> service_avi_resp? >>> >>> >>> >> Complete squid.conf fragment: >> >> icap_service service_avi_req reqmod_precache >> icap://localhost:1344/squidclamav bypass=off >> adaptation_access service_avi_req allow all >> icap_service service_avi_resp respmod_precache >> icap://localhost:1344/squidclamav bypass=on >> adaptation_access service_avi_resp allow all >> >> Please, PLEASE, do not make recommendation when you not understand what >> does config lines means! >> > > Ok, problem is solved. Seems there is some problem between squid and my unbound DNS server. Changing the following lines: > > icap_service service_avi_req reqmod_precache icap://localhost:1344/squidclamav bypass=off > icap_service service_avi_resp respmod_precache icap://localhost:1344/squidclamav bypass=on > > to: > > icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=off > icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=on > > all works as expected. As you can see I have changed "localhost" for "127.0.0.1" ... localhost entry exists inside my /etc/hosts file, and OpenBSD resolves correctly, but under unbound's config I have enabled "do-not-query-localhost: no" because unbound is configured to work with dnscrypt-proxy service... > > I am not sure about this, but it is the only answer that explains this problem ... or it is a bug (but I don't think so). > > What do you think?? > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEbBAEBCAAGBQJXNGP4AAoJENNXIZxhPexGTs4H+KjRaCUYCnTjEeHf/EUDMP8S FHfDKK4nCRbTL/KDn8i4vp1NnZjUjE/t/MfyfEnWNAO1SFknLqAFmlIX/P2Tm6b9 EzSB6XZKMfSg9PrzZxKJkRqF3tRzBXOs0lK2pEVyTd5i2xKkTCsMGw6eHOp8dveG 4DjG1OW3oGCQELJLuj+kPjnjGzYRHRL3Ck+z4ao+CWnIpCUsy0EEtT8+qhyukPkG Z4kJZzACLq5eR3Pl6moOIsQjSxch5j6ppuOd2tvgqyelAa2VmOECIhp/E8R68QCl EbmFT2V6xKBKtj2bMiHnYiRVRnlVd6Sd9jsFjhSyrbj2P6XeyWg/03RlOgwYiA== =Qv20 -----END PGP SIGNATURE-----
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
