How To Enable URL Filtering With Just Squid & C-ICAP

proxy http squid filtering
13,665

I'm trying to do the same. I got success configuring c-icap to block a request.

Your srv_url_check.conf seems to be incomplete. Mine is configured as follows:

Service urlcheck /usr/lib/x86_64-linux-gnu/c_icap/srv_url_check.so
url_check.LookupTableDB denyhosts url hash:/etc/c-icap/denyhosts.txt "Denied Host"
url_check.Profile denyProfile block denyhosts
url_check.ProfileAccess denyProfile all

The file denyhosts.txt, is a simple text file. Each line should contain a host to be block, such as:

mp3.com.au
xvideos.com
sex.com

And finally, you should uncomment line acl all src 0.0.0.0/0.0.0.0 into c-icap.conf.

Start your c-icap server like /usr/bin/c-icap -D -N -d 1 (adjust the log level (-d) as you wish) and test it using /usr/bin/c-icap-client -s url_check -req http://sex.com -v -d 1.

As a response, you will receive:

ICAP HEADERS:
    ICAP/1.0 200 OK
    Server: C-ICAP/0.4.2
    Connection: keep-alive
    ISTag: CI0001-XXXXXXXXX
    X-ICAP-Profile: denyProfile
    X-Attribute: denyhosts
    X-Attribute-Prefix: 7
    X-Response-Info: BLOCKED
    X-Response-Desc: URL category denyhosts is BLOCKED
    Encapsulated: res-hdr=0, res-body=108

RESPMOD HEADERS:
    HTTP/1.0 403 Forbidden
    Server: C-ICAP
    Content-Type: text/html
    Connection: close
    Content-Language: en

This is what I did so far...

Share:
13,665

Related videos on Youtube

user1647568
Author by

user1647568

Updated on September 18, 2022

Comments

  • user1647568
    user1647568 over 1 year

    Before I posted this question, I read several set up guides online, the squid docs, c-icap docus, and also the ICAP RFC (3507). Unfortunately, the documentation for SQUID and C-ICAP does not provide much in the way of examples when it comes to URL filtering, only when it comes to the simple set up of using ClamAv.

    So, I'm trying to figure out how to set up simple URL filtering using Squid and the C-ICAP Server. Specifically, I'm starting out trying to use SquidGuard Databases (but not the Squidguard program) as a source of black lists. I have Squid set up and running (proxying) just fine, and I have C-ICAP set up and running (responding to options request) just fine. However, I have no clue why the URL filtering is not running, as I've followed the examples as closely as possible.

    My squid.conf is set up as follows for ICAP:

    #Icap Options
icap_enable on
icap_service svcBlocker reqmod_precache icap://127.0.0.1:1344/srv_url_check bypass=off

    At the bottom of the c-icap.conf file, I have included the icap service I want to use:

    # End module: ldap_module
#URL Check Services
Include srv_url_check.conf

    I've set up the srv_url_check.conf file, following the c-icap documentation:

    # Default:
#None set
#Example: url_check.LoadSquidGuardDB audio-video /home/dranfu/Downloads/blacklists/audio-video/

    When I send an options request to C-ICAP, it works fine:

    ICAP server:localhost, ip:127.0.0.1, port:1344

OPTIONS:
    Allow 204: Yes
    Preview: 1024
    Keep alive: Yes

ICAP HEADERS:
    ICAP/1.0 200 OK:
    Methods:RESPMOD, REQMOD
    Service:C-ICAP/0.2.4 server - Echo demo service
    ISTag:CI0001-XXXXXXXXX
    Transfer-Preview:*
    Options-TTL:3600
    Date:Tue, 26 Feb 2013 10:57:13 GMT
    Preview:1024
    Allow:204
    X-Include:X-Authenticated-User, X-Authenticated-Groups
    Encapsulated:null-body=0

    But when I send a standard web request to a site that is on the blacklist, I get a fairly empty response:

    /usr/local/c-icap/bin/c-icap-client -p 8080 -req http://mp3.com.au 

ICAP server:localhost, ip:127.0.0.1, port:8080

    And furthermore, I am still able to proxy to the website with no problem. So, if anyone has any experience with setting up squid with pure C-ICAP using URL filtering, it would be awesome to have any assistance or basic guide on how to get this working. The documentation is just too sparse, for me at least, to figure out what is going wrong. No doubt it's something I'm missing, though.

    • Admin
      Admin about 11 years
      I expected this may be hard to answer, but I'm researching, and once I figure it out...or someone informs me, I'll post back here so someone can make use of it.
  • Scott Pack
    Scott Pack over 10 years
    Welcome to Server Fault! Whilst this may theoretically answer the question, it would be preferable to include the essential parts of the answer here, and provide the link for reference.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to configure Squid connection|read|write timeout per Request instead of Globally
503 Service Unavailable - What really it means?
Squid3 blocking all sites except restricted sites
NTLM through proxy server
Squid closing the connection on long HTTP GET requests
Is there any command-line, generic HTTP proxy (like Squid)?
How does one configure squid3 proxy to support http auth - quick and dirty
Squid refuses all websites when creating proxy server
How to use HttpClientBuilder with Http proxy?
Python socket module. Connecting to an HTTP proxy then performing a GET request on an external resource