[SOLVED] squid3-dev (3.3.10 pkg 2.2) + Clamav Antivirus won't start
-
Hi,
with "HTTPS/SSL interception" disabled I can start squid and everything works.But on reboot squid still hangs on boot "pw: no such user 'clamav", though it's running (all services start automatically)…
[2.1-RELEASE][admin@pfSense.novanis.srv.br]/root(199): squid -NsXY 2014/03/07 10:47:10.008| debug.cc(424) parseOptions: command-line -X overrides: ALL,7 2014/03/07 10:47:10.008| cache_manager.cc(102) registerProfile: registering legacy mem 2014/03/07 10:47:10.008| cache_manager.cc(87) registerProfile: registered profile: mem 2014/03/07 10:47:10.008| cache_manager.cc(102) registerProfile: registering legacy squidaio_counts 2014/03/07 10:47:10.008| cache_manager.cc(87) registerProfile: registered profile: squidaio_counts 2014/03/07 10:47:10.008| cache_manager.cc(87) registerProfile: registered profile: diskd 2014/03/07 10:47:10.008| rock/RockStoreFileSystem.cc(44) setup: Will use Rock FS 2014/03/07 10:47:10.008| Startup: Initializing Authentication Schemes ... 2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'basic' 2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'digest' 2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'negotiate' 2014/03/07 10:47:10.008| Startup: Initialized Authentication Scheme 'ntlm' 2014/03/07 10:47:10.008| Startup: Initialized Authentication. 2014/03/07 10:47:10.008| tools.cc(69) ProbeTransport: Detected IPv6 hybrid or v4-mapping stack... 2014/03/07 10:47:10.008| tools.cc(83) ProbeTransport: IPv6 transport Enabled 2014/03/07 10:47:10.008| Config.cc(39) registerTokens: register format tokens for 'adapt' 2014/03/07 10:47:10.008| Config.cc(39) registerTokens: register format tokens for 'icap' 2014/03/07 10:47:10.009| Config.cc(39) registerTokens: register format tokens for 'ssl' 2014/03/07 10:47:10.009| cache_cf.cc(609) parseConfigFile: 2014/03/07 10:47:10.009| cf_parser.cci(3203) free_all: 2014/03/07 10:47:10.009| Gadgets.cc(245) aclDestroyAcls: aclDestroyACLs: invoked 2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error 2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certHasExpired' 2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certHasExpired' 2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error' 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b074d0 2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error 2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certNotYetValid' 2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certNotYetValid' 2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error' 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b074f0 2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error 2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certDomainMismatch' 2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certDomainMismatch' 2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error' 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07510 2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error 2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certUntrusted' 2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.009| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certUntrusted' 2014/03/07 10:47:10.009| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error' 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07530 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07550 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07570 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07590 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075b0 2014/03/07 10:47:10.009| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075d0 2014/03/07 10:47:10.009| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type ssl_error 2014/03/07 10:47:10.009| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.009| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certSelfSigned' 2014/03/07 10:47:10.009| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'ssl::certSelfSigned' 2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'ssl_error' 2014/03/07 10:47:10.010| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b075f0 2014/03/07 10:47:10.010| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src 2014/03/07 10:47:10.010| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.010| Acl.cc(61) FindByName: ACL::FindByName 'all' 2014/03/07 10:47:10.010| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'all' 2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src' 2014/03/07 10:47:10.010| Ip.cc(260) FactoryParse: aclIpParseIpData: all 2014/03/07 10:47:10.010| Ip.cc(264) FactoryParse: aclIpParseIpData: magic 'all' found. 2014/03/07 10:47:10.010| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type url_regex 2014/03/07 10:47:10.010| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.010| Acl.cc(61) FindByName: ACL::FindByName 'manager' 2014/03/07 10:47:10.010| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'manager' 2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'url_regex' 2014/03/07 10:47:10.010| RegexData.cc(323) aclParseRegexList: aclParseRegexList: new Regex line or file 2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '-i' 2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '^cache_object://' 2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '+i' 2014/03/07 10:47:10.010| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '^https?://[^/]+/squid-internal-mgr/' 2014/03/07 10:47:10.010| RegexData.cc(214) compileOptimisedREs: compileOptimisedREs: -i 2014/03/07 10:47:10.010| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '^cache_object://' 2014/03/07 10:47:10.010| RegexData.cc(228) compileOptimisedREs: compileOptimisedREs: +i 2014/03/07 10:47:10.010| RegexData.cc(173) compileRE: compileRE: compiled '(^cache_object://)' with flags 7 2014/03/07 10:47:10.010| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '^https?://[^/]+/squid-internal-mgr/' 2014/03/07 10:47:10.010| RegexData.cc(173) compileRE: compileRE: compiled '(^https?://[^/]+/squid-internal-mgr/)' with flags 5 2014/03/07 10:47:10.010| RegexData.cc(281) compileOptimisedREs: compileOptimisedREs: 2 REs are optimised into one RE. 2014/03/07 10:47:10.010| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src 2014/03/07 10:47:10.010| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.010| Acl.cc(61) FindByName: ACL::FindByName 'localhost' 2014/03/07 10:47:10.010| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.010| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'localhost' 2014/03/07 10:47:10.010| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src' 2014/03/07 10:47:10.010| Ip.cc(260) FactoryParse: aclIpParseIpData: 127.0.0.1/32 2014/03/07 10:47:10.010| Ip.cc(368) FactoryParse: aclIpParseIpData: '127.0.0.1/32' matched: SCAN3-v4: %[0123456789.]/%[0123456789.] 2014/03/07 10:47:10.011| Ip.cc(500) FactoryParse: Parsed: 127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128) 2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: ::1 2014/03/07 10:47:10.011| Ip.cc(405) FactoryParse: aclIpParseIpData: Lookup Host/IP ::1 2014/03/07 10:47:10.011| Ip.cc(439) FactoryParse: aclIpParseIpData: Located host/IP: '[::1]' 2014/03/07 10:47:10.011| Ip.cc(446) FactoryParse: ::1 --> [::1] 2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped. 2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped. 2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 127.0.0.1/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (127.0.0.1) vs [::1]-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] 2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: [::1]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ([::1]) vs 127.0.0.1-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] 2014/03/07 10:47:10.011| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type dst 2014/03/07 10:47:10.011| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.011| Acl.cc(61) FindByName: ACL::FindByName 'to_localhost' 2014/03/07 10:47:10.011| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.011| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'to_localhost' 2014/03/07 10:47:10.011| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'dst' 2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: 127.0.0.0/8 2014/03/07 10:47:10.011| Ip.cc(368) FactoryParse: aclIpParseIpData: '127.0.0.0/8' matched: SCAN3-v4: %[0123456789.]/%[0123456789.] 2014/03/07 10:47:10.011| Ip.cc(500) FactoryParse: Parsed: 127.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0](/104) 2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: 0.0.0.0/32 2014/03/07 10:47:10.011| Ip.cc(368) FactoryParse: aclIpParseIpData: '0.0.0.0/32' matched: SCAN3-v4: %[0123456789.]/%[0123456789.] 2014/03/07 10:47:10.011| Ip.cc(500) FactoryParse: Parsed: 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff](/128) 2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 127.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (127.0.0.0) vs 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] 2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 0.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0] (0.0.0.0) vs 127.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ff00:0] 2014/03/07 10:47:10.011| Ip.cc(260) FactoryParse: aclIpParseIpData: ::1 2014/03/07 10:47:10.011| Ip.cc(405) FactoryParse: aclIpParseIpData: Lookup Host/IP ::1 2014/03/07 10:47:10.011| Ip.cc(439) FactoryParse: aclIpParseIpData: Located host/IP: '[::1]' 2014/03/07 10:47:10.011| Ip.cc(446) FactoryParse: ::1 --> [::1] 2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped. 2014/03/07 10:47:10.011| Ip.cc(432) FactoryParse: aclIpParseIpData: Duplicate host/IP: '[::1]' dropped. 2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: 0.0.0.0/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] (0.0.0.0) vs [::1]-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] 2014/03/07 10:47:10.011| Ip.cc(134) aclIpAddrNetworkCompare: aclIpAddrNetworkCompare: compare: [::1]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] ([::1]) vs 0.0.0.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff] 2014/03/07 10:47:10.011| Processing Configuration File: /usr/pbi/squid-i386/etc/squid/squid.conf (depth 0) 2014/03/07 10:47:10.012| cache_cf.cc(557) parseOneConfigFile: Processing: http_port 10.1.1.1:3128 2014/03/07 10:47:10.012| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b66210 2014/03/07 10:47:10.012| cache_cf.cc(3551) parsePortSpecification: http_port: Listen on Host/IP: 10.1.1.1 --> 10.1.1.1:3128 2014/03/07 10:47:10.012| cbdata.cc(419) cbdataInternalLock: cbdataLock: 0x28b66210=1 2014/03/07 10:47:10.012| cache_cf.cc(557) parseOneConfigFile: Processing: http_port 127.0.0.1:3128 intercept 2014/03/07 10:47:10.012| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b66310 2014/03/07 10:47:10.012| cache_cf.cc(3551) parsePortSpecification: http_port: Listen on Host/IP: 127.0.0.1 --> 127.0.0.1:3128 2014/03/07 10:47:10.012| Starting Authentication on port 127.0.0.1:3128 2014/03/07 10:47:10.012| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2014/03/07 10:47:10.012| Disabling IPv6 on port 127.0.0.1:3128 (interception enabled) 2014/03/07 10:47:10.013| cbdata.cc(419) cbdataInternalLock: cbdataLock: 0x28b66310=1 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: icp_port 7 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: dns_v4_first off 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: pid_filename /var/run/squid.pid 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_effective_user proxy 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_effective_group proxy 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: error_default_language en 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: icon_directory /usr/pbi/squid-i386/etc/squid/icons 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: visible_hostname localhost 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_mgr admin@localhost 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: access_log /dev/null 2014/03/07 10:47:10.013| cache_cf.cc(4042) parse_access_log: Log definition name 'squid' file '/dev/null' 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_log /var/squid/logs/cache.log 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: cache_store_log none 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: logfile_rotate 0 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: shutdown_lifetime 3 seconds 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: acl localnet src 10.1.1.0/24 2014/03/07 10:47:10.013| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src 2014/03/07 10:47:10.013| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.013| Acl.cc(61) FindByName: ACL::FindByName 'localnet' 2014/03/07 10:47:10.013| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.013| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'localnet' 2014/03/07 10:47:10.013| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src' 2014/03/07 10:47:10.013| Ip.cc(260) FactoryParse: aclIpParseIpData: 10.1.1.0/24 2014/03/07 10:47:10.013| Ip.cc(368) FactoryParse: aclIpParseIpData: '10.1.1.0/24' matched: SCAN3-v4: %[0123456789.]/%[0123456789.] 2014/03/07 10:47:10.013| Ip.cc(500) FactoryParse: Parsed: 10.1.1.0-[::]/[ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00](/120) 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: uri_whitespace strip 2014/03/07 10:47:10.013| cache_cf.cc(557) parseOneConfigFile: Processing: acl dynamic urlpath_regex cgi-bin \? 2014/03/07 10:47:10.013| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type urlpath_regex 2014/03/07 10:47:10.013| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.013| Acl.cc(61) FindByName: ACL::FindByName 'dynamic' 2014/03/07 10:47:10.014| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.014| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'dynamic' 2014/03/07 10:47:10.014| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'urlpath_regex' 2014/03/07 10:47:10.014| RegexData.cc(323) aclParseRegexList: aclParseRegexList: new Regex line or file 2014/03/07 10:47:10.014| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE 'cgi-bin' 2014/03/07 10:47:10.014| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '\?' 2014/03/07 10:47:10.014| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE 'cgi-bin' 2014/03/07 10:47:10.014| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE '\?' 2014/03/07 10:47:10.014| RegexData.cc(173) compileRE: compileRE: compiled '(cgi-bin)|(\?)' with flags 5 2014/03/07 10:47:10.014| RegexData.cc(281) compileOptimisedREs: compileOptimisedREs: 2 REs are optimised into one RE. 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache deny dynamic 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64440 2014/03/07 10:47:10.014| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'dynamic' 2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'dynamic' 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache_mem 8 MB 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: maximum_object_size_in_memory 32 KB 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: memory_replacement_policy heap GDSF 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache_replacement_policy heap LFUDA 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: minimum_object_size 0 KB 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: maximum_object_size 10 KB 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: offline_mode off 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: cache allow all 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b644a0 2014/03/07 10:47:10.014| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all' 2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'all' 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: acl allsrc src all 2014/03/07 10:47:10.014| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type src 2014/03/07 10:47:10.014| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'allsrc' 2014/03/07 10:47:10.014| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.014| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'allsrc' 2014/03/07 10:47:10.014| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'src' 2014/03/07 10:47:10.014| Ip.cc(260) FactoryParse: aclIpParseIpData: all 2014/03/07 10:47:10.014| Ip.cc(264) FactoryParse: aclIpParseIpData: magic 'all' found. 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535 2014/03/07 10:47:10.014| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type port 2014/03/07 10:47:10.014| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.014| Acl.cc(61) FindByName: ACL::FindByName 'safeports' 2014/03/07 10:47:10.014| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.014| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'safeports' 2014/03/07 10:47:10.014| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'port' 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b077b0 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07830 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07850 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07870 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07890 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b078b0 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b078d0 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b078f0 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07910 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07930 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07950 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07970 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07990 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b079b0 2014/03/07 10:47:10.014| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b079d0 2014/03/07 10:47:10.014| cache_cf.cc(557) parseOneConfigFile: Processing: acl sslports port 443 563 2014/03/07 10:47:10.014| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type port 2014/03/07 10:47:10.014| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'sslports' 2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'sslports' 2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'port' 2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07a30 2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07a50 2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl purge method PURGE 2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type method 2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'purge' 2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'purge' 2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'method' 2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64530 2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl connect method CONNECT 2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type method 2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'connect' 2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'connect' 2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'method' 2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64560 2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl HTTP proto HTTP 2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type proto 2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'HTTP' 2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'HTTP' 2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'proto' 2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07b10 2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl HTTPS proto HTTPS 2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type proto 2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'HTTPS' 2014/03/07 10:47:10.015| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.015| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'HTTPS' 2014/03/07 10:47:10.015| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'proto' 2014/03/07 10:47:10.015| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b07b50 2014/03/07 10:47:10.015| cache_cf.cc(557) parseOneConfigFile: Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl" 2014/03/07 10:47:10.015| Acl.cc(400) Registered: ACL::Prototype::Registered: invoked for type dstdom_regex 2014/03/07 10:47:10.015| Acl.cc(404) Registered: ACL::Prototype::Registered: yes 2014/03/07 10:47:10.015| Acl.cc(61) FindByName: ACL::FindByName 'blacklist' 2014/03/07 10:47:10.016| Acl.cc(67) FindByName: ACL::FindByName found no match 2014/03/07 10:47:10.016| Acl.cc(161) ParseAclLine: aclParseAclLine: Creating ACL 'blacklist' 2014/03/07 10:47:10.016| Acl.cc(436) Factory: ACL::Prototype::Factory: cloning an object for type 'dstdom_regex' 2014/03/07 10:47:10.016| RegexData.cc(323) aclParseRegexList: aclParseRegexList: new Regex line or file 2014/03/07 10:47:10.016| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE '-i' 2014/03/07 10:47:10.016| RegexData.cc(331) aclParseRegexList: aclParseRegexList: buffering RE 'facebook.com' 2014/03/07 10:47:10.016| RegexData.cc(214) compileOptimisedREs: compileOptimisedREs: -i 2014/03/07 10:47:10.016| RegexData.cc(238) compileOptimisedREs: compileOptimisedREs: adding RE 'facebook.com' 2014/03/07 10:47:10.016| RegexData.cc(173) compileRE: compileRE: compiled '(facebook.com)' with flags 7 2014/03/07 10:47:10.016| RegexData.cc(281) compileOptimisedREs: compileOptimisedREs: 1 REs are optimised into one RE. 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access allow manager localhost 2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64590 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'manager' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'manager' 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'localhost' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'localhost' 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny manager 2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64500 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'manager' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'manager' 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access allow purge localhost 2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64620 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'purge' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'purge' 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'localhost' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'localhost' 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny purge 2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b645f0 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'purge' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'purge' 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny !safeports 2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64680 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'safeports' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'safeports' 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny CONNECT !sslports 2014/03/07 10:47:10.016| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b646e0 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'CONNECT' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'CONNECT' 2014/03/07 10:47:10.016| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'sslports' 2014/03/07 10:47:10.016| Acl.cc(61) FindByName: ACL::FindByName 'sslports' 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: request_body_max_size 0 KB 2014/03/07 10:47:10.016| cache_cf.cc(557) parseOneConfigFile: Processing: delay_pools 1 2014/03/07 10:47:10.017| event.cc(346) schedule: schedule: Adding 'DelayPools::Update', in 1.00 seconds 2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_class 1 2 2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_parameters 1 -1/-1 -1/-1 2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_initial_bucket_level 100 2014/03/07 10:47:10.017| cache_cf.cc(557) parseOneConfigFile: Processing: delay_access 1 allow allsrc 2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b646b0 2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'allsrc' 2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'allsrc' 2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny blacklist 2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64740 2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'blacklist' 2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'blacklist' 2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: http_access allow localnet 2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64770 2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'localnet' 2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'localnet' 2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: http_access deny allsrc 2014/03/07 10:47:10.018| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b647a0 2014/03/07 10:47:10.018| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'allsrc' 2014/03/07 10:47:10.018| Acl.cc(61) FindByName: ACL::FindByName 'allsrc' 2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: icap_enable on 2014/03/07 10:47:10.018| cache_cf.cc(557) parseOneConfigFile: Processing: icap_send_client_ip on 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_send_client_username on 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_client_username_encode off 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_client_username_header X-Authenticated-User 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_preview_enable on 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_preview_size 1024 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_service service_req reqmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav 2014/03/07 10:47:10.019| ServiceConfig.cc(174) grokUri: /usr/pbi/squid-i386/etc/squid/squid.conf:103: service protocol is icap 2014/03/07 10:47:10.019| ServiceConfig.cc(148) parse: /usr/pbi/squid-i386/etc/squid/squid.conf:103: adaptation_service service_req REQMOD_PRECACHE 00 icap://127.0.0.1:1344/squidclamav 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: icap_service service_resp respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav 2014/03/07 10:47:10.019| ServiceConfig.cc(174) grokUri: /usr/pbi/squid-i386/etc/squid/squid.conf:104: service protocol is icap 2014/03/07 10:47:10.019| ServiceConfig.cc(148) parse: /usr/pbi/squid-i386/etc/squid/squid.conf:104: adaptation_service service_resp RESPMOD_PRECACHE 00 icap://127.0.0.1:1344/squidclamav 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: adaptation_access service_req allow all 2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64a10 2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all' 2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all' 2014/03/07 10:47:10.019| cache_cf.cc(557) parseOneConfigFile: Processing: adaptation_access service_resp allow all 2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64aa0 2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all' 2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all' 2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b649b0 2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all' 2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all' 2014/03/07 10:47:10.019| wccp2.cc(533) wccp2_add_service_list: wccp2_add_service_list: added service id 0 2014/03/07 10:47:10.019| cbdata.cc(324) cbdataInternalAlloc: cbdataAlloc: 0x28b64b00 2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all' 2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all' 2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'ssl::certUntrusted' 2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certUntrusted' 2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'ssl::certSelfSigned' 2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'ssl::certSelfSigned' 2014/03/07 10:47:10.019| Gadgets.cc(220) aclParseAclList: aclParseAclList: looking for ACL name 'all' 2014/03/07 10:47:10.019| Acl.cc(61) FindByName: ACL::FindByName 'all' 2014/03/07 10:47:10.020| tools.cc(585) uniqueHostname: Config: ' 2014/03/07 10:47:10.020| tools.cc(585) uniqueHostname: Config: ' 2014/03/07 10:47:10.020| Initializing https proxy context 2014/03/07 10:47:10.021| support.cc(1000) sslCreateClientContext: Using SSLv2/SSLv3. 2014/03/07 10:47:10.021| support.cc(1052) sslCreateClientContext: Setting RSA key generation callback. 2014/03/07 10:47:10.021| support.cc(1059) sslCreateClientContext: Setting certificate verification callback. 2014/03/07 10:47:10.021| support.cc(1063) sslCreateClientContext: Setting CA certificate locations. 2014/03/07 10:47:10.021| tools.cc(597) leave_suid: leave_suid: PID 5747 called 2014/03/07 10:47:10.021| tools.cc(619) leave_suid: leave_suid: PID 5747 giving up root, becoming 'proxy' 2014/03/07 10:47:10.021| debug.cc(424) parseOptions: command-line -X overrides: ALL,1
-
Neither squidguard nor antivirus start at the start up, I have to login and manually save squid setting, than voila it works, please see my log of startup and after I click save in squid.
-
Can anyone please inform me why when i enable the antivirus then i cannot serf the web ?
The following error appears :
==========quote============
ERROR in the browser
The following error was encountered while trying to retrieve the URL:
http://google.com
ICAP protocol error.The system returned: [No Error]
This means that some aspect of the ICAP communication failed.
Some possible problems are:
*
The ICAP server is not reachable.
*An Illegal response was received from the ICAP server.
==================unquote =====================
If i run the client to the console
/usr/local/bin/c-icap-client
ICAP server:localhost, ip:127.0.0.1, port:1344OPTIONS:
Allow 204: Yes
Preview: 1024
Keep alive: YesICAP HEADERS:
ICAP/1.0 200 OK:
Methods:RESPMOD, REQMOD
Service:C-ICAP/0.2.5 server - Echo demo service
ISTag:CI0001-XXXXXXXXX
Transfer-Preview:*
Options-TTL:3600
Date:Tue, 11 Mar 2014 13:54:59 GMT
Preview:1024
Allow:204
X-Include:X-Authenticated-User, X-Authenticated-Groups
Encapsulated:null-body=0and all the services seems that are running .
I look forward for your responses .
-
usabug, can you try with pfsense 32 bits?
-
usabug, can you try with pfsense 32 bits?
Dear Marcelloc ,
I can try but if i use 32 bit operating system then i can only use only 4GB ram .
The server right now has onboard 16G ram .
If i use the 32 bit operating system i have to install a kernel with Physical address extension , witch these solution is not an option cause it makes too much crushes .
But if you want me to do it just for test , i can do it
-
First i want to thank you guys for your work @ Eduardo Gonçalves & marcelloc
How can we help you with your work? Tomorrow my Testing-System should be running again and i have a little time for testing!
-
How can we help you with your work?
The problem is that c-icap is crashing when called by squid. you can check it on squid logs.
-
Working with squid3-devel in non-transparent mode, in transparent mode for http but when I activated transparent mode for https doesn't work.
Here is my /var/log/system.log
Mar 13 20:47:24 fw2 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no Mar 13 20:47:24 fw2 php: /pkg_edit.php: Reloading Squid for configuration sync Mar 13 20:47:24 fw2 check_reload_status: Reloading filter Mar 13 20:47:25 fw2 check_reload_status: Syncing firewall Mar 13 20:47:25 fw2 php: /pkg_edit.php: [Squid] - Squid_resync function call pr:1 bp: rpc:no Mar 13 20:47:25 fw2 php: /pkg_edit.php: Reloading Squid for configuration sync Mar 13 20:47:25 fw2 squid: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3129 intercept Mar 13 20:47:25 fw2 php: /pkg_edit.php: The command '/usr/pbi/squid-i386/sbin/squid -k reconfigure -f /usr/pbi/squid-i386/etc/squid/squid.conf' returned exit code '1', the output was '2014/03/13 20:47:25| FATAL: tproxy/intercept on https_port requires ssl-bump which is missing. FATAL: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3129 intercept Squid Cache (Version 3.3.10): Terminated abnormally. CPU Usage: 0.008 seconds = 0.008 user + 0.000 sys Maximum Resident Size: 28544 KB Page faults with physical i/o: 0'
Similar problem and clamav is not yet activated. I'm implementing squid3-devel step-by-step…
I tried stop/start squid and same result.
FATAL: tproxy/intercept on https_port requires ssl-bump which is missing. FATAL: Bungled /usr/pbi/squid-i386/etc/squid/squid.conf line 6: https_port 127.0.0.1:3129 intercept Squid Cache (Version 3.3.10): Terminated abnormally.
-
My system is 32 bit…
Differences in squid.conf when applying for transparent SSL mode:
diff squid.conf_transparent.txt squid.conf_transparent_ssl.txt 4,5c4,6 < http_port 192.168.1.1:3128 < http_port 127.0.0.1:3128 intercept --- > http_port 192.168.1.1:3128 > http_port 127.0.0.1:3128 intercept > https_port 127.0.0.1:3129 intercept 87a89,90 > always_direct allow all > ssl_bump server-first all
-
Working, but…
Must I create my own CA?
Can I use an "official" CA or not?
diff squid.conf_transparent_ssl.txt squid.conf_transparent_ssl_myself.txt 4,6c4,9 < http_port 192.168.1.1:3128 < http_port 127.0.0.1:3128 intercept < https_port 127.0.0.1:3129 intercept --- > http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/ > > http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/ > > https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/pbi/squid-i386/etc/squid/serverkey.pem capath=/usr/pbi/squid-i386/share/certs/ > 18a22,25 > sslcrtd_program /usr/pbi/squid-i386/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 > sslcrtd_children 5 > sslproxy_capath /usr/pbi/squid-i386/share/certs/ > sslproxy_cert_adapt setCommonName all
I will like not do do this:
Install the CA crt as an trusted ca on each computer you want to filter ssl to avoid ssl error on each connection.
Could be, in fact, impossible. A lot of BYOD (http://en.wikipedia.org/wiki/Bring_your_own_device)…
-
Yes you must create your own ca! I think it is not possible to use an "official" CA, because you are using a Man-In-The-Middle Attack to fetch and control https traffic.
Of course every https filter will use a MITM-attack so the client must have a trusted wildcard cert of the controling unit.A Solution can be to have a non transparent SSL-Proxy and only devices that are under your control are forced to use Proxy.