Bug #8832

c-icap for Squid 5.1 on 2.4.4 Developer not starting

Added by Juan Abonia over 2 years ago. Updated about 2 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Affected Version:
Affected Architecture:


Verified his fix works:

Googling, you'd find this:

It seems, on 0.5.x, ListenAddress has been removed in favor of the Port statement.
To fix C-ICAP, you must:

Remove ListenAddress statement on line 134 of c-icap.conf
Replace Port 1344 statement on line 142 of c-icap.conf with Port
To prevent pfSense from overwriting, chmod -w that file to prevent writes to it.
Hopefully this helps someone. :)

c-icap-conf-fix.diff (1.45 KB) c-icap-conf-fix.diff Jim Pingle, 09/25/2018 11:47 AM


#1 Updated by Steve Beaver over 2 years ago

  • Priority changed from Normal to Normal-package

#2 Updated by Jim Pingle over 2 years ago

  • Project changed from pfSense to pfSense Packages
  • Category set to Squid

#3 Updated by Jim Pingle about 2 years ago

  • Target version deleted (2.4.4)

#4 Updated by Steve Wheeler about 2 years ago

Confirmed the above fix is still functional in 2.4.4r but the default package is still broken.

As a workaround you can enable the advanced settings in the antivirus tab and make that change to the c-icap.conf file there. It then survives other changes.

#5 Updated by Jim Pingle about 2 years ago

This is a problem in the FreeBSD c-icap port. The port itself contains a patch that adds the ListenAddress line.

#7 Updated by Jim Pingle about 2 years ago

If the FreeBSD port is wrong, though, it should be fixed upstream. Then we wouldn't need to make any changes.

Someone installing c-icap on FreeBSD will get an incorrect example config to start with.

#8 Updated by Michael M about 2 years ago

Hi Jim,

the guy from the mailing list is me.
The "Listen" directive was removed from 0.4 to 0.5.
Upstream port should be fine.

We also had the same problem and switched in templating1. No idea how you guys at pfsense do this.

Hope this helps you to fix it.



#9 Updated by Jim Pingle about 2 years ago

The upstream port is not fine. See the file I linked. The FreeBSD port is explicitly adding the ListenAddress directive to the default c-icap.conf which is deprecated.

We can certainly fix it by altering the c-icap config, sure, but the FreeBSD port would still have a broken default config. I'd like to see a fix upstreamed no matter what we choose to do here.

#10 Updated by Jim Pingle about 2 years ago

Attached is a patch to fix the c-icap FreeBSD port default config to use the correct current syntax.

#11 Updated by Jim Pingle about 2 years ago

  • Status changed from New to Feedback
  • Assignee set to Jim Pingle

This should be fixed now. Update the squid package and it should pick up the c-icap update and then work as expected. If that fails, remove the squid package and then install it again.

#12 Updated by Marcel Beerli about 2 years ago

upgraded to squid 0.4.44_5 but c-icap is still not starting.

#13 Updated by Jim Pingle about 2 years ago

  • Status changed from Feedback to Resolved

Uninstall squid and then reinstall. If it still won't start, then it's not this issue. Start a new thread on the forum to discuss the issue and gather details about what is happening in your environment.

Also available in: Atom PDF