Re: [squid-users] Squid3 and c-icap

Hi Christos,

thanks for the quick reply.

>> I set up the combo Squid3 and c-icap and it works for most. However, I
>> get a couple of "ICAP protocol errors" during downloads.
> The version of squid3 you are using is about 10 months old, please
> upgrade to a newer version:

Okay, I upgraded to the current Debian sid sources. This is the
following Squid and it has the icap client enabled right off the shelf:

Squid Cache: Version 3.0.PRE7
configure options: '--build=i486-linux-gnu' '--prefix=/usr'
'--includedir=${prefix}/include' '--mandir=${prefix}/share/man'
'--infodir=${prefix}/share/info' '--sysconfdir=/etc'
'--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3'
'--disable-maintainer-mode' '--disable-dependency-tracking' '--srcdir=.'
'--datadir=/usr/share/squid3' '--sysconfdir=/etc/squid3'
'--mandir=/usr/share/man' '--with-cppunit-basedir=/usr'
'--enable-inline' '--enable-async-io=8'
'--enable-storeio=ufs,aufs,coss,diskd'
'--enable-removal-policies=lru,heap' '--enable-poll'
'--enable-delay-pools' '--enable-cache-digests' '--enable-snmp'
'--enable-htcp' '--enable-select' '--enable-carp' '--enable-large-files'
'--enable-underscores' '--enable-icap-client'
'--enable-auth=basic,digest,ntlm'
'--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SASL,SMB,YP,getpwnam,multi-domain-NTLM'
'--enable-ntlm-auth-helpers=SMB'
'--enable-digest-auth-helpers=ldap,password'
'--enable-external-acl-helpers=ip_user,ldap_group,session,unix_group,wbinfo_group'
'--with-filedescriptors=65536' '--with-default-user=proxy'
'--enable-epoll' '--enable-linux-netfilter' 'CC=cc' 'CFLAGS=-g -Wall
-O2' 'CPPFLAGS=' 'CXXFLAGS=-g -Wall -O2' 'CXX=g++' 'LDFLAGS='
'build_alias=i486-linux-gnu'

However, updating did not change the issue.

> http://www.squid-cache.org/Versions/v3/3.0/

Well, unless there is really a known issue I would not like to leave the
Debian tree, since once the system is working, I tend to forget watching
for security updates.

>> Can anybody give me a hint on how to do better diagnosis on the problem?
> Again upgrade your squid3 proxy to a newer version.

Done.

> Always you can to send urls which are not working.

http://dfn.dl.sourceforge.net/sourceforge/openantivirus/samba-vscan-0.3.6b.tar.bz2

> Also wireshark is a good tool :-)

I feared that answer. But since I do not know the ICAP protocol I do
neither know what to expect. I have a log of that access and I would
gladly send it do anybody, who knowns how to read it.

$ tcpdump -w icap-packets.dump -i lo port 1344

> About c-icap configuration please ask to the c-icap mailing list.

One of the first responses of c-icap appears to be

  500 Server Error

but later I also find packets sent from c-icap containing things like

  200 OK
  Moved Temporarily

and so on. So if that first message is not intended, it is probably an
issue of c-icap.

Thanks for your help,
  - lars.
Received on Sun Sep 09 2007 - 12:30:20 MDT