[strongSwan] What is the proper way to close an ICAP transaction?

Noel Kuntze noel.kuntze+strongswan-users-ml at thermi.consulting
Tue Nov 26 16:14:17 CET 2019


Wrong list.

Am 26.11.19 um 16:06 schrieb Felipe Arturo Polanco:
> Hi,
> 
> We have an ICAP server for Squid 4.
> 
> While we can successfully scan our files and do content adaptation, we have been struggling to find a way to close the ICAP transaction before passing the whole body back to squid and at the same time avoid squid marking one icap failure.
> 
> This is for an ICAP server that does Virus scanning and if virus found, the body is not sent back.
> 
> If we send an ICAP header with 500 then Squid mark us as ICAP FAILURE, if we don't send anything then Squid keeps awaiting on us and then timeout, increasing the icap failure counter by one and so on.
> 
> At some point squid just mark the server as down and stop sending transactions to it.
> 
> We have been overcoming this by having a low OPTIONs TTL but that seems inefficient for high traffic squid nodes.
> 
> Does anyone know how to proceed with this?
> 
> Thanks,

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20191126/d04b47c3/attachment.sig>


More information about the Users mailing list