Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 09-06-2011, 01:09 AM   #1
Tahir Saleh
LQ Newbie
Registered: Apr 2007
Posts: 19

Rep: Reputation: 0
squid configuration for icap server

I am to configure an icap server (GreasySpoon) using squid but the problem is I am not able to configure squid 3 alone using source as per requirement I believe for GreasySpoon. Here is the configuration file squid.conf:

# Recommended minimum configuration:
acl manager proto cache_object
acl localhost src ::1
acl to_localhost dst ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src	# RFC1918 possible internal network
acl localnet src	# RFC1918 possible internal network
acl localnet src	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

#acl mylan src

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http

# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost


# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost
#http_access allow mylan

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

#  TAG: cache_peer
#	To specify other caches in a hierarchy, use the format:
#		cache_peer hostname type http-port icp-port [options]

#cache_peer localhost parent 51966 0 default no-query no-digest no-netdb-exchange

#  TAG: never_direct
#	Usage: never_direct allow|deny [!]aclname ...

#never_direct allow all

#http_port 3128 ssl-bump cert=/usr/local/squid3/etc/CA-priv+pub.pem

# Bumped requests have relative URLs so Squid has to use reverse proxy
# or accelerator code. By default, that code denies direct forwarding.
# The need for this option may disappear in the future.
#always_direct allow all

# -----------------------------------------------------------------------------

#  TAG: icap_enable	on|off
#	If you want to enable the ICAP module support, set this to on.
# icap_enable off
icap_enable on
#logformat icap_squid %ts.%03tu %6icap::tr %>a %icap::to/%03icap::Hs %icap::<st %icap::rm %icap::ru -/%icap::<A -
#icap_log /var/log/squid3/icap.log icap_squid

#  TAG: icap_service_revival_delay
#	The delay specifies the number of seconds to wait after an ICAP
#	OPTIONS request failure before requesting the options again. The
#	failed ICAP service is considered "down" until fresh OPTIONS are
#	fetched.
#	The actual delay cannot be smaller than the hardcoded minimum
#	delay of 30 seconds.
# icap_service_revival_delay 180
icap_service_revival_delay 30

#  TAG: icap_send_client_ip	on|off
#	This adds the header "X-Client-IP" to ICAP requests.
# icap_send_client_ip off
icap_send_client_ip on

#  TAG: icap_send_client_username	on|off
#	This sends authenticated HTTP client username (if available) to
#	the ICAP service. The username value is encoded based on the
#	icap_client_username_encode option and is sent using the header
#	specified by the icap_client_username_header option.
# icap_send_client_username off
icap_send_client_username on

#  TAG: icap_service
#	Defines a single ICAP service
# SQUID 3.1
icap_service service1 reqmod_precache 0 icap://localhost:1344/reqmod
adaptation_access service_req allow all
icap_service service_resp respmod_precache 0 icap://localhost:1344/respmod
adaptation_access service_resp allow all
Any help will be appreciated.


configuration, squid3

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
squid - icap server getviswa Linux - Server 1 06-05-2010 12:55 AM
Problem with configuration of Squid server behind a squid ajitup Linux - Server 13 08-12-2009 11:55 PM
squid c-icap download file problem xxx_anuj_xxx Linux - Server 0 03-04-2009 02:03 PM
Squid: special configuration for remote Squid server hamish Linux - Software 0 12-06-2005 04:58 PM
Squid + ICAP server = ? dimm_coder Linux - Software 0 12-09-2003 03:16 AM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 12:24 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration