Bug #4663
closed
pfsense 2.2.2-RELEASE + squid3 + squidGuard = Breaking squid.conf when using c-icap
100%
Description
Squid + SquidGuard will break squid.conf when changes are made if using C-ICAP due to some parameters missing the ON value. As a result Squid and SquidGuard service will fail to start every time a change is made via pfsense GUI to any of them. A temporary fix can be applied by manually modifying the squid.conf file but be aware that those changes will go away if you change anything via GUI.
affected parameter for C-ICAP on squid.conf:
icap_send_client_ip
icap_send_client_username
Updated by Kill Bill over 8 years ago
Care to tell us what's exactly wrong with the value being set to off when required by user configuration?
https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid.inc#L1345
https://github.com/pfsense/pfsense-packages/blob/master/config/squid3/34/squid.inc#L1321
I don't get what's the bug where. Thanks. If the only accepted value is "on" and disabling makes Squid bomb out, I'd suggest bugging upstream instead.
Updated by yunior alvarez over 8 years ago
OK let me be more specific
function squid_resync_antivirus() {
global $config;
if (is_array($config['installedpackages']['squidantivirus']))
$antivirus_config = $config['installedpackages']['squidantivirus']['config'][0];
else
$antivirus_config = array();
if ($antivirus_config['enable']=="on") {
switch ($antivirus_config['client_info']) {
case "both":
$icap_send_client_ip="on";
$icap_send_client_username="on";
break;
case "IP":
$icap_send_client_ip="on";
$icap_send_client_username="off";
break;
case "username":
$icap_send_client_ip="off";
$icap_send_client_username="on";
break;
case "none":
$icap_send_client_ip="off";
$icap_send_client_username="off";
break;
}
if (is_array($config['installedpackages']['squid']))
$squid_config=$config['installedpackages']['squid']['config'][0];
$conf = <<< EOF
icap_enable on
icap_send_client_ip {$icap_send_client_ip} => here is your issue (variable will not set value)
icap_send_client_username {$icap_send_client_username} => here is your issue (variable will not set value)
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
icap_service service_avi_req reqmod_precache icap://[::1]:1344/squid_clamav bypass=off
adaptation_access service_avi_req allow all
icap_service service_avi_resp respmod_precache icap://[::1]:1344/squid_clamav bypass=on
adaptation_access service_avi_resp allow all
EOF;
icap_send_client_ip {$icap_send_client_ip} => here is your issue (variable will not set value)
icap_send_client_username {$icap_send_client_username} => here is your issue (variable will not set value)
so when you update/install/save config, instead of having
icap_send_client_ip = 0 or 1 (depending on your choice) you end up with icap_send_client_ip {$icap_send_client_ip}
icap_send_client_username = 0 or 1 (depending on your choice) icap_send_client_username {$icap_send_client_username}
that will break squid config when parsing the config file - so far this has not been fixed as per the last update of squid in pfsense, so i have to manually edit the squid.inc to reflect the permanent desired values.
I have replicated this issue more than 10 times already and its always same thing.
Updated by Kill Bill over 8 years ago
So you don't have antivirus enabled, or what? (Please, use the fine "pre" button to post code, the above is unreadable mess.)
Updated by Kill Bill over 8 years ago
Cannot reproduce any such problem unless I don't select anything in Client forward options. Select something there and you won't have issues.
Updated by Kill Bill over 8 years ago
Updated by Renato Botelho over 8 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Pull request has been merged, thanks!
Updated by Chris Buechler over 8 years ago
- Status changed from Feedback to Resolved
- Affected Version deleted (
2.2.2) - Affected Architecture added
- Affected Architecture deleted (
amd64)