Bug #8832
closed
c-icap for Squid 5.1 on 2.4.4 Developer not starting
0%
Description
See: https://forum.netgate.com/topic/133774/2-4-x-squid-clamav-fix-for-c-icap-0-5-x-not-starting.
Verified his fix works:
Googling, you'd find this: https://sourceforge.net/p/c-icap/mailman/message/36379708/
It seems, on 0.5.x, ListenAddress has been removed in favor of the Port statement.
To fix C-ICAP, you must:
Remove ListenAddress 127.0.0.1 statement on line 134 of c-icap.conf
Replace Port 1344 statement on line 142 of c-icap.conf with Port 127.0.0.1:1344
To prevent pfSense from overwriting, chmod -w that file to prevent writes to it.
Hopefully this helps someone. :)
Files
Updated by Anonymous over 5 years ago
- Priority changed from Normal to Normal-package
Updated by Jim Pingle over 5 years ago
- Project changed from pfSense to pfSense Packages
- Category set to Squid
Updated by Steve Wheeler over 5 years ago
Confirmed the above fix is still functional in 2.4.4r but the default package is still broken.
As a workaround you can enable the advanced settings in the antivirus tab and make that change to the c-icap.conf file there. It then survives other changes.
Updated by Jim Pingle over 5 years ago
This is a problem in the FreeBSD c-icap port. The port itself contains a patch that adds the ListenAddress line.
https://github.com/freebsd/freebsd-ports/blob/master/www/c-icap/files/patch-c-icap.conf.in
Updated by Steve Wheeler over 5 years ago
Updated by Jim Pingle over 5 years ago
If the FreeBSD port is wrong, though, it should be fixed upstream. Then we wouldn't need to make any changes.
Someone installing c-icap on FreeBSD will get an incorrect example config to start with.
Updated by Michael M over 5 years ago
Hi Jim,
the guy from the mailing list is me.
The "Listen" directive was removed from 0.4 to 0.5.
Upstream port should be fine.
We also had the same problem and switched in templating1. No idea how you guys at pfsense do this.
Hope this helps you to fix it.
Michael
[1]https://github.com/opnsense/plugins/pull/658/files
Updated by Jim Pingle over 5 years ago
The upstream port is not fine. See the file I linked. The FreeBSD port is explicitly adding the ListenAddress directive to the default c-icap.conf which is deprecated.
We can certainly fix it by altering the c-icap config, sure, but the FreeBSD port would still have a broken default config. I'd like to see a fix upstreamed no matter what we choose to do here.
Updated by Jim Pingle over 5 years ago
- File c-icap-conf-fix.diff c-icap-conf-fix.diff added
Attached is a patch to fix the c-icap FreeBSD port default config to use the correct current syntax.
Updated by Jim Pingle over 5 years ago
- Status changed from New to Feedback
- Assignee set to Jim Pingle
This should be fixed now. Update the squid package and it should pick up the c-icap update and then work as expected. If that fails, remove the squid package and then install it again.
Updated by Marcel Beerli over 5 years ago
upgraded to squid 0.4.44_5 but c-icap is still not starting.
Updated by Jim Pingle over 5 years ago
- Status changed from Feedback to Resolved
Uninstall squid and then reinstall. If it still won't start, then it's not this issue. Start a new thread on the forum to discuss the issue and gather details about what is happening in your environment.