Re: icap not answering

steven <commercials24@xxxxxxxx> · Sun, 10 Mar 2019 20:26:13 +0100

    On 05.03.19 06:13, Amos Jeffries wrote:

      On 5/03/19 12:10 pm, steven wrote:

        Ah thank you for that clarification, the python icap servers i tested so
far are not very promissing but at least theres a connection now.

sadly squid does not allow http access at all, only https access.

      Er, that would be because the only http_port you have is configured with
'accl' - making it a reverse-proxy port. But you do not have any
cache_peer configured to handle that type of traffic.

So, is there any particular reason you have that port receiving 'accel'
/ reverse-proxy mode traffic?
 If not remove that mode flag and things should all work for HTTP too.

    removed the accel mode but still no luck with http, when opening
      the adress:
    http://squid-web-proxy-cache.1019090.n4.nabble.com/http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html

    The following error was encountered while trying to retrieve the
      URL: /http-port-with-quot-transparent-quot-or-quot-intercept-quot-td4677133.html

    invalid url

    in this tutorial:
    https://www.reddit.com/r/sysadmin/comments/a67hly/squid_proxy_a_short_guide_forward_transparent/

    the guy uses two ports for http like this:
    http_port 3128
# Listen on this HTTP port, intercepting requests
http_port 3129 intercept

and then with iptables he redirects 80 to port 3129

which does not work here :(

export http_proxy=http://192.168.10.215:3140 && wget google.de        # im using 3140 as intercept port. config at the end.

--2019-03-10 20:20:56--  http://google.de/
Connecting to 192.168.10.215:3140... connected.
Proxy request sent, awaiting response... 403 Forbidden
2019-03-10 20:20:56 ERROR 403: Forbidden.

    cache.log entry:
    2019/03/10 20:16:20 kid1| WARNING: Forwarding loop detected for:

      GET / HTTP/1.1

      User-Agent: Wget/1.19.4 (linux-gnu)

      Accept: */*

      Accept-Encoding: identity

      Via: 1.1 backup (squid/4.4)

      Cache-Control: max-age=259200

      Connection: keep-alive

      Host: google.de

    and with: 

    export http_proxy=http://192.168.10.215:3129 && wget
      google.de

      no cache .log entry, wget output:
    --2019-03-10 20:22:42--  (try: 2)  http://google.de/

      Connecting to 192.168.10.215:3129... connected.

      Proxy request sent, awaiting response... No data received.

      Retrying.

    why does my client get a 403?

    grep -v '#' squid.conf

      icap_enable off

      icap_preview_enable off

      icap_send_client_ip on

      icap_send_client_username on

      icap_service service_req reqmod_precache bypass=1
      icap://127.0.0.1:1344/request

      adaptation_access service_req allow all

      icap_service service_resp respmod_precache bypass=0
      icap://127.0.0.1:1344/response

      adaptation_access service_resp allow all

      acl localnet src 192.168.10.0/24

      http_access allow localnet

      coredump_dir /var/spool/squid

      refresh_pattern ^ftp:        1440    20%    10080

      refresh_pattern ^gopher:    1440    0%    1440

      refresh_pattern -i (/cgi-bin/|\?) 0    0%    0

      refresh_pattern .        0    20%    4320

      http_port 3128

      http_port 3140 intercept

      https_port 3129 ssl-bump intercept generate-host-certificates=on
      dynamic_cert_mem_cache_size=4MB cert=/etc/squid/myCA.pem

      sslcrtd_program /usr/lib/squid/security_file_certgen -s
      /var/lib/ssl_db -M 4MB

      acl step1 at_step SslBump1

      ssl_bump peek step1

      ssl_bump bump all

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users