Project

General

Profile

Bug #8832

c-icap for Squid 5.1 on 2.4.4 Developer not starting

Added by Juan Abonia about 1 year ago. Updated 11 months ago.

Status:
Resolved
Priority:
Normal-package
Assignee:
Category:
Squid
Target version:
-
Start date:
08/24/2018
Due date:
% Done:

0%

Estimated time:
Affected Version:
2.4.4
Affected Architecture:

Description

See: https://forum.netgate.com/topic/133774/2-4-x-squid-clamav-fix-for-c-icap-0-5-x-not-starting.
Verified his fix works:

Googling, you'd find this: https://sourceforge.net/p/c-icap/mailman/message/36379708/

It seems, on 0.5.x, ListenAddress has been removed in favor of the Port statement.
To fix C-ICAP, you must:

Remove ListenAddress 127.0.0.1 statement on line 134 of c-icap.conf
Replace Port 1344 statement on line 142 of c-icap.conf with Port 127.0.0.1:1344
To prevent pfSense from overwriting, chmod -w that file to prevent writes to it.
Hopefully this helps someone. :)

c-icap-conf-fix.diff (1.45 KB) c-icap-conf-fix.diff Jim Pingle, 09/25/2018 11:47 AM

History

#1 Updated by Steve Beaver 12 months ago

  • Priority changed from Normal to Normal-package

#2 Updated by Jim Pingle 12 months ago

  • Project changed from pfSense to pfSense Packages
  • Category set to Squid

#3 Updated by Jim Pingle 11 months ago

  • Target version deleted (2.4.4)

#4 Updated by Steve Wheeler 11 months ago

Confirmed the above fix is still functional in 2.4.4r but the default package is still broken.

As a workaround you can enable the advanced settings in the antivirus tab and make that change to the c-icap.conf file there. It then survives other changes.

#5 Updated by Jim Pingle 11 months ago

This is a problem in the FreeBSD c-icap port. The port itself contains a patch that adds the ListenAddress line.

https://github.com/freebsd/freebsd-ports/blob/master/www/c-icap/files/patch-c-icap.conf.in

#7 Updated by Jim Pingle 11 months ago

If the FreeBSD port is wrong, though, it should be fixed upstream. Then we wouldn't need to make any changes.

Someone installing c-icap on FreeBSD will get an incorrect example config to start with.

#8 Updated by Michael M 11 months ago

Hi Jim,

the guy from the mailing list is me.
The "Listen" directive was removed from 0.4 to 0.5.
Upstream port should be fine.

We also had the same problem and switched in templating1. No idea how you guys at pfsense do this.

Hope this helps you to fix it.

Michael

[1]https://github.com/opnsense/plugins/pull/658/files

#9 Updated by Jim Pingle 11 months ago

The upstream port is not fine. See the file I linked. The FreeBSD port is explicitly adding the ListenAddress directive to the default c-icap.conf which is deprecated.

We can certainly fix it by altering the c-icap config, sure, but the FreeBSD port would still have a broken default config. I'd like to see a fix upstreamed no matter what we choose to do here.

#10 Updated by Jim Pingle 11 months ago

Attached is a patch to fix the c-icap FreeBSD port default config to use the correct current syntax.

#11 Updated by Jim Pingle 11 months ago

  • Status changed from New to Feedback
  • Assignee set to Jim Pingle

This should be fixed now. Update the squid package and it should pick up the c-icap update and then work as expected. If that fails, remove the squid package and then install it again.

#12 Updated by Marcel Beerli 11 months ago

upgraded to squid 0.4.44_5 but c-icap is still not starting.

#13 Updated by Jim Pingle 11 months ago

  • Status changed from Feedback to Resolved

Uninstall squid and then reinstall. If it still won't start, then it's not this issue. Start a new thread on the forum to discuss the issue and gather details about what is happening in your environment.

Also available in: Atom PDF