Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
[SOLVED] C-icap seems to be inoperable in 17.7.5
« previous
next »
Print
Pages: [
1
]
Author
Topic: [SOLVED] C-icap seems to be inoperable in 17.7.5 (Read 1115 times)
Tigger
Newbie
Posts: 13
Karma: 1
[SOLVED] C-icap seems to be inoperable in 17.7.5
«
on:
October 17, 2017, 09:40:27 pm »
Installed 2 opn 17.7.5 boxes in HA config. The problem came up when i tried to attach ClamAV to Squid. Well, i installed Web Proxy, C-icap and ClamAV plugins, enabled c-icap, told Squid to use c-icap... And got an error:
------------------------------------------------------------------------
The following error was encountered while trying to retrieve the URL:
http://www.ya.ru/
ICAP protocol error.
The system returned: [No Error]
This means that some aspect of the ICAP communication failed.
Some possible problems are:
•The ICAP server is not reachable.
•An Illegal response was received from the ICAP server.
------------------------------------------------------------------------
Well, i entered the OPN console, launched netstat... And, as i thought, there was nobody listening at icap port. The web GUI is showing the c-icap service running though, that is strange.
What should i do to get the thing running ?
«
Last Edit: October 18, 2017, 11:00:45 pm by franco
»
Logged
mimugmail
Hero Member
Posts: 1218
Karma: 111
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #1 on:
October 17, 2017, 09:43:08 pm »
Please check the logfiles in /var/log/c-icap ... have you tried without HA?
Logged
Tigger
Newbie
Posts: 13
Karma: 1
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #2 on:
October 17, 2017, 10:39:34 pm »
Server.log:
Tue Oct 17 22:00:10 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:00:12 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:00:12 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4...
Tue Oct 17 22:00:13 2017, 14669/348217344, recomputing istag ...
Tue Oct 17 22:00:13 2017, 15001/348217344, recomputing istag ...
Tue Oct 17 22:00:13 2017, 15222/348217344, recomputing istag ...
Tue Oct 17 22:05:53 2017, main proc, Possibly a term signal received. Monitor process going to term all children
Tue Oct 17 22:10:14 2017, main proc, Error converting ipv6 address to the network byte order
Tue Oct 17 22:10:14 2017, main proc, WARNING! Error binding to an ipv6 address. Trying ipv4...
Tue Oct 17 22:10:49 2017, 68377/687955968, recomputing istag ...
Tue Oct 17 22:10:49 2017, 68409/687955968, recomputing istag ...
Tue Oct 17 22:10:49 2017, 68251/687955968, recomputing istag ...
Access.log:
17/Oct/2017:22:00:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:04:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:16:28 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:20:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:23:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:26:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:29:44 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:33:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:36:49 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:40:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:44:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:48:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:52:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:22:55:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:00:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:04:47 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:10:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:15:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:20:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:25:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:30:18 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:33:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
17/Oct/2017:23:36:55 +0300, 127.0.0.1 127.0.0.1 OPTIONS reqmod 404
Logged
mimugmail
Hero Member
Posts: 1218
Karma: 111
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #3 on:
October 18, 2017, 06:16:56 am »
Can you post pictures from the two c-icap tabs and clamav?
What's the ICAP URL in Web Proxy?
Logged
Tigger
Newbie
Posts: 13
Karma: 1
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #4 on:
October 18, 2017, 02:49:28 pm »
Here they are:
Logged
fabian
Hero Member
Posts: 1492
Karma: 111
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #5 on:
October 18, 2017, 05:05:22 pm »
the service of clamav is "avscan" - not respmod/reqmod - please correct the URL.
Logged
Tigger
Newbie
Posts: 13
Karma: 1
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #6 on:
October 18, 2017, 05:27:21 pm »
Request and response string is now "icap://127.0.0.1:1344/avscan/".
access.log:
--------------------------------------------------------
18/Oct/2017:18:21:48 +0300, 127.0.0.1 127.0.0.1 OPTIONS avscan/ 404
18/Oct/2017:18:24:29 +0300, 127.0.0.1 127.0.0.1 OPTIONS avscan/ 404
--------------------------------------------------------
Looks like it is still not working.
Logged
mimugmail
Hero Member
Posts: 1218
Karma: 111
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #7 on:
October 18, 2017, 06:21:25 pm »
Remove the last slash
Logged
Tigger
Newbie
Posts: 13
Karma: 1
Re: C-icap seems to be inoperable in 17.7.5
«
Reply #8 on:
October 18, 2017, 08:26:19 pm »
Looks like this does the trick.
Also, while i was waiting for the answer, i looked into c-icap configs and found string "virus_scan?allow204=on&mode=simple", that also worked.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
[SOLVED] C-icap seems to be inoperable in 17.7.5
