Dearest Mr. James Lay.

After considering your previous slanderous, and inflammatory trolling of
my earlier correspondence, my initial response is to help alleviate your
issue but rather, I think not, I believe considering the nature of your
personal disposition to be a slanderous communist piece of human poop,
instead rather, I shall instruct you to go walk yourself off of a bridge
, yes Mr. James Lay.

If your srv_content_filtering.so service does not need to see HTTP
requests, then you can remove srv_cfg_filter_req from your Squid
configuration.

If your srv_content_filtering.so service needs to see both HTTP requests
and responses, then you have two options, in no particular order:

A) Tell c-icap and/or srv_content_filtering.so to send a "Methods:
REQMOD,RESPMOD" ICAP response header field in OPTIONS response. Sorry, I
do not know how to do that in c-icap and even whether that is actually
possible with that software. Please note that using one service URI for
two modes is not uncommon in the ICAP world, but violates the following
ICAP RFC 3507 MUST:

Each service should have a distinct URI
and support only one method in addition to OPTIONS

B) Use different ICAP service URIs for different services (REQMOD and
RESPMOD) and configure each service appropriately on both Squid and
c-icap side. This is what RFC 3507 wants you to do. For example, some
ICAP servers and services would allow you to use these URIs:

* for REQMOD: icap://localhost:1344/srv_cfg_filter?mode=REQMOD
* for RESPMOD: icap://localhost:1344/srv_cfg_filter?mode=RESPMOD


IIRC, Squid will try to use your service in both modes despite that
WARNING. However, I do not know whether c-icap and that service itself
will be happy about receiving REQMOD requests.


HTH,

Alex.

I am not sure but it seems to me like I might not understood squid ACLS
right but yet to be 100% about it.
acl PERMIT_REQUESTS type REQMOD RESPMOD
icap_access allow localhost PERMIT_REQUESTS
icap_access deny all

The acl as far as I know doesn’t have any type such as ICAP request mode.
Am I right?

Eliezer

----
Eliezer Croitoru <http://ngtech.co.il/lmgtfy/>
Linux System Administrator
Mobile+WhatsApp: +972-5-28704261
Email: ***@ngtech.co.il


From: squid-users [mailto:squid-users-***@lists.squid-cache.org] On
Behalf Of James Lay
Sent: Sunday, October 9, 2016 8:03 PM
To: squid-users
Subject: [squid-users] ICAP question

Trying to just get some content filtering working and I'm running into the
below:

WARNING: Squid is configured to use ICAP method REQMOD for service
icap://localhost:1344/srv_cfg_filter but OPTIONS response declares the
methods are RESPMOD

Here's the icap snippet from squid.conf:

icap_enable on
icap_send_client_ip on
icap_persistent_connections on
icap_service srv_cfg_filter_req reqmod_precache
icap://localhost:1344/srv_cfg_filter bypass=on
adaptation_access srv_cfg_filter_req allow all
icap_service srv_cfg_filter_resp respmod_precache
icap://localhost:1344/srv_cfg_filter bypass=off
adaptation_access srv_cfg_filter_resp allow all

interesting c-icap.conf bits:

ModulesDir /opt/icap/lib/c_icap
ServicesDir /opt/icap/lib/c_icap
acl localhost src 127.0.0.1/255.255.255.255
acl PERMIT_REQUESTS type REQMOD RESPMOD
icap_access allow localhost PERMIT_REQUESTS
icap_access deny all
Include srv_content_filtering.conf

lastly, srv_content_filtering.conf:

Service srv_cfg_filter srv_content_filtering.so
srv_content_filtering.Match default body /(test)/ig score=5
LogFormat mySrvContentFiltering "%tl, %>a %im %is %huo [Scores:
%{srv_content_filtering:scores}Sa] [ActionFilter:
%{srv_content_filtering:action_filter}Sa] [Action:
%{srv_content_filtering:action}Sa]"

not sure why I can't seem to get this to fly...any assistance would be
appreciated...thank you.

James