On 10/01/20 11:37 pm, netadmin wrote: > squid.conf > <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/squid.conf> Okay, so you have taken the part of David's config which sends traffic to ICAP, but not the part which generates a custom 403 message for the client. That means whatever SAVDI is providing to Squid via ICAP is being delivered to the end-client. > access.log > <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/access.log> Notice the "Content-Length: 0" in the response headers delivered to the client ... > icap.log > <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/icap.log> > Sophos_SAVDI.log > <http://squid-web-proxy-cache.1019090.n4.nabble.com/file/t377857/Sophos_SAVDI.log> > ... and in both these the HTTP response given to SAVDI was 184 bytes long. SAVDI is truncating infected payloads and telling Squid to deliver a 0-length response instead of the infection. So the setup is working fine - though not with the log entries you were expecting to see. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
