[squid-users] essential ICAP service is suspended

From: Sean Boran <sean_at_boran.com>
Date: Tue, 4 Dec 2012 10:49:17 +0100

Hi,

I've been running a squid 3.3 live with SSL inspection for over a week, AV
scanning with clamav+c-icap work fine until now (about 500k GETS per day).
Then users started seen icap errors in their browser::

In the squid logs:
essential ICAP service is suspended: icap://127.0.0.1:1344/squidclamav
[down,susp,fail11]

c-icap was then tuned a bit:
- increase the number of processes (now have 90)
- set debug=0 (less logs`: they were massive)
- exclude large files from scanning and certain media types

The system was not that heavily loaded (load bout 0.3, icap getting maybe 20
requests/sec), the above measure did seem to make much difference.
Any suggestions for avoiding this?

Also, when this happens, squid takes a few minutes to talk to icap again:
 15:30:31 kid1| essential ICAP service is suspended:
icap://127.0.0.1:1344/squidclamav [down,susp,fail11]
 15:33:31 kid1| essential ICAP service is up:
icap://127.0.0.1:1344/squidclamav [up]

Is there a timeout variable to ask squid to talk to icap much quick again?

Squid config:
icap_enable on
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
scanned via squidclamav Service via ICAP
icap_service service_req reqmod_precache bypass=1
icap://127.0.0.1:1344/squidclamav
adaptation_access service_req deny CONNECT
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=0
icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp deny CONNECT
adaptation_access service_resp allow all

Sean
Received on Tue Dec 04 2012 - 09:49:24 MST

This archive was generated by hypermail 2.2.0 : Tue Dec 04 2012 - 12:00:03 MST