Bug #4663
Status: closed
pfsense 2.2.2-RELEASE + squid3 + squidGuard = Breaking squid.conf when using c-icap
% Done: 100%
Description
Squid + SquidGuard will break squid.conf when changes are made if using C-ICAP due to some parameters missing the ON value. As a result Squid and SquidGuard service will fail to start every time a change is made via pfsense GUI to any of them. A temporary fix can be applied by manually modifying the squid.conf file but be aware that those changes will go away if you change anything via GUI.
Affected parameters for C-ICAP in squid.conf:
icap_send_client_ip
icap_send_client_username
Updated by Kill Bill almost 10 years ago
Care to tell us what's exactly wrong with the value being set to off when required by user configuration?
https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid.inc#L1345
https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid.inc#L1321
I don't get what's the bug where. Thanks. If the only accepted value is "on" and disabling makes Squid bomb out, I'd suggest bugging upstream instead.
Updated by yunior alvarez almost 10 years ago
OK, let me be more specific:
function squid_resync_antivirus() {
    global $config;
    if (is_array($config['installedpackages']['squidantivirus']))
        $antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
    else
        $antivirus_config = array();
    if ($antivirus_config['enable']=="on") {
        switch ($antivirus_config['client_info']) {
            case "both":
                $icap_send_client_ip="on";
                $icap_send_client_username="on";
                break;
            case "IP":
                $icap_send_client_ip="on";
                $icap_send_client_username="off";
                break;
            case "username":
                $icap_send_client_ip="off";
                $icap_send_client_username="on";
                break;
            case "none":
                $icap_send_client_ip="off";
                $icap_send_client_username="off";
                break;
        }
        if (is_array($config['installedpackages']['squid']))
            $squid_config=$config['installedpackages']['squid']['config'][0];
        $conf = <<< EOF
icap_enable on
icap_send_client_ip {$icap_send_client_ip} => here is your issue (variable will not set value)
icap_send_client_username {$icap_send_client_username} => here is your issue (variable will not set value)
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
adaptation_access service_avi_resp allow all
EOF;
icap_send_client_ip {$icap_send_client_ip} => here is your issue (variable will not set value)
icap_send_client_username {$icap_send_client_username} => here is your issue (variable will not set value)
So when you update/install/save config, instead of having
icap_send_client_ip = 0 or 1 (depending on your choice) you end up with icap_send_client_ip {$icap_send_client_ip}
icap_send_client_username = 0 or 1 (depending on your choice) icap_send_client_username {$icap_send_client_username}
That will break the squid config when parsing the config file. So far this has not been fixed as of the last update of squid in pfsense, so I have to manually edit squid.inc to reflect the permanent desired values.
I have replicated this issue more than 10 times already and it's always the same thing.
Updated by Kill Bill almost 10 years ago
So you don't have antivirus enabled, or what? (Please, use the fine "pre" button to post code, the above is an unreadable mess.)
Updated by Kill Bill almost 10 years ago
Cannot reproduce any such problem unless I don't select anything in Client forward options. Select something there and you won't have issues.
Updated by Kill Bill almost 10 years ago
Updated by Renato Botelho almost 10 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Pull request has been merged, thanks!
Updated by Chris Buechler over 9 years ago
- Status changed from Feedback to Resolved
- Affected Version deleted (2.2.2)
- Affected Architecture added
- Affected Architecture deleted (amd64)
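The case raised in this thread, where nothing is selected in Client forward options and the switch leaves both variables unset, can be closed off with a default branch and a check before the fragment is written. This is an added example, not the code from squid.inc or from the merged pull request; the function names are hypothetical and falling back to "off" is an assumption.

```php
<?php
// Added example, not the package's code. Function names are hypothetical.

/**
 * Map the GUI "Client forward options" value to the two squid.conf
 * directives. Anything unexpected (including an empty selection) falls
 * back to "off"/"off" (an assumed default) so neither value is left unset.
 */
function icap_client_flags($client_info) {
    switch ((string)$client_info) {
        case "both":
            return array("on", "on");
        case "IP":
            return array("on", "off");
        case "username":
            return array("off", "on");
        case "none":
        default:
            return array("off", "off");
    }
}

/** Build the ICAP fragment and refuse to emit a directive without on/off. */
function icap_conf_fragment($antivirus_config) {
    $client_info = isset($antivirus_config['client_info']) ? $antivirus_config['client_info'] : "";
    list($ip, $user) = icap_client_flags($client_info);
    $conf = <<<EOF
icap_enable on
icap_send_client_ip {$ip}
icap_send_client_username {$user}

EOF;
    // Every line in this fragment must be "<directive> on|off".
    foreach (explode("\n", trim($conf)) as $line) {
        if (!preg_match('/^\S+ (on|off)$/', $line)) {
            throw new RuntimeException("refusing to write invalid directive: '{$line}'");
        }
    }
    return $conf;
}

// Constructed inputs: the four GUI choices plus the empty selection from the thread.
foreach (array("both", "IP", "username", "none", "") as $choice) {
    echo "client_info='{$choice}'\n", icap_conf_fragment(array('client_info' => $choice)), "\n";
}
```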