I've got a bit further with this and I'm starting to understand ICAP talk. I've got a Go server working which I can talk to through netcat:
$ nc localhost 1344 REQMOD icap://192.168.0.7/ ICAP/1.0 GET / HTTP/1.1 Host: dvwa.test Accept: text/html, text/plain, image/gif Accept-Encoding: gzip, compress ICAP/1.0 200 OK Encapsulated: req-hdr=0, null-body=141 GET / HTTP/1.1 Host: dvwa.test Accept: text/html, text/plain, image/gif Accept-Encoding: gzip, compress X-Modified-By: Go ICAP Server On the server side I see: This is the request REQMOD icap://192.168.0.7/ ICAP/1.0 Received request: REQMOD icap://192.168.0.7/ ICAP/1.0 Original Request Headers: GET / HTTP/1.1 Host: dvwa.test Accept: text/html, text/plain, image/gif Accept-Encoding: gzip, compress Modified request sent back ICAP/1.0 200 OK Encapsulated: req-hdr=0, null-body=141 GET / HTTP/1.1 Host: dvwa.test Accept: text/html, text/plain, image/gif Accept-Encoding: gzip, compress X-Modified-By: Go ICAP Server If I try to use curl through Squid pointing at that server: $ curl "http://dvwa.test/a?xsa"; --proxy localhost:3128 dvwa.test is at 192.168.0.42. I get this in the ICAP server: This is the request REQMOD icap://192.168.0.7:1344/ ICAP/1.0 Received request: REQMOD icap://192.168.0.7:1344/ ICAP/1.0 Original Request Headers: Host: 192.168.0.7:1344 Date: Fri, 07 Feb 2025 12:26:25 GMT Encapsulated: req-hdr=0, null-body=93 Allow: 204, trailers Modified request sent back ICAP/1.0 200 OK Encapsulated: req-hdr=0, null-body=155 Host: 192.168.0.7:1344 Date: Fri, 07 Feb 2025 12:26:25 GMT Encapsulated: req-hdr=0, null-body=93 Allow: 204, trailers X-Modified-By: Go ICAP Server Squid then gives the same error as before, ERR_ICAP_FAILURE. Robin On Fri, 7 Feb 2025 at 10:15, Robin Wood <squid@digi.ninja> wrote: > Hi > I want to write my own ICAP server, but all the sample code I've found is > failing, the majority with this error from squidclient: > > squidclient -h 192.168.0.7 -p 1344 icap://192.168.0.7:1344/request_mod > ICAP/1.0 400 Bad Request > > And this error when accessed through Squid itself: > > ICAP protocol error. > > The system returned: [No Error] > > This means that some aspect of the ICAP communication failed. > > I've got this in my squid.conf: > > # Enable ICAP for request and response modification > icap_enable on > icap_service service_req reqmod_precache icap:// > 192.168.0.7:1344/request_mod > icap_service service_resp respmod_precache icap:// > 192.168.0.7:1344/response_mod > > # ICAP adaptation rules > adaptation_access service_req allow all > adaptation_access service_resp allow all > > And I've tried running both Python and Ruby servers taken from various > places. A lot are logging that they've received and replied to requests: > > Received request: OPTIONS icap://192.168.0.7:1344/request_mod ICAP/1.0 > Responded to OPTIONS request > > The servers are all listening, I've checked that: > > $ ss -antp | grep 1344 > LISTEN 0 4096 0.0.0.0:1344 > 0.0.0.0:* users:(("ruby",pid=563029,fd=5)) > > The closest I've got is this one: > > https://gist.github.com/digininja/a98b3567e0aeb218d37cdd337bb12f34 > > It seems to be working as it sees the headers and says it has returned > data: > > Received request: REQMOD icap://192.168.0.7:1344/request_mod ICAP/1.0 > Original Headers: > Host: 192.168.0.7:1344 > Date: Fri, 07 Feb 2025 10:10:30 GMT > Encapsulated: req-hdr=0, null-body=91 > Preview: 0 > Allow: 204, trailers > Modified request sent back > > But I still get errors. > > What could be wrong? > > Does someone have some example server code they know works that I can test > to help debug it? > > Robin >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
