[strongSwan] What is the proper way to close an ICAP transaction?

Felipe Arturo Polanco felipeapolanco at gmail.com
Tue Nov 26 16:06:57 CET 2019


We have an ICAP server for Squid 4.

While we can successfully scan our files and do content adaptation, we have
been struggling to find a way to close the ICAP transaction before passing
the whole body back to squid and at the same time avoid squid marking one
icap failure.

This is for an ICAP server that does Virus scanning and if virus found, the
body is not sent back.

If we send an ICAP header with 500 then Squid mark us as ICAP FAILURE, if
we don't send anything then Squid keeps awaiting on us and then timeout,
increasing the icap failure counter by one and so on.

At some point squid just mark the server as down and stop sending
transactions to it.

We have been overcoming this by having a low OPTIONs TTL but that seems
inefficient for high traffic squid nodes.

Does anyone know how to proceed with this?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191126/64050d52/attachment.html>

More information about the Users mailing list