Squid ICAP Client Configuration

Overview
Configuration Directives
        icap_enable
        icap_send_client_ip
        icap_preview_size
        icap_service
        icap_class
        icap_access
Example
Tips and Tricks


Overview

The configuration is done in the squid.conf. These are the configuration statements:

Services are selected on a per request basis. For every request, the icap_access statements are processed. If an acl list matches, the corresponding class (or service for backward compatibility) is associated with the request. An ICAP class is a collection of single ICAP services.


Configuration Directives

icap_enable

Syntax: icap_enable on|off
Default: icap_enable off

icap_enable switches the ICAP module on.


icap_send_client_ip

Syntax: icap_send_client_ip on|off
Default: icap_send_client_ip off

icap_send_client_ip switches the header "X-Client-IP" in ICAP requests on. This is useful if you want the ICAP server to do different things depending on the client IP.


icap_preview_size

Syntax: icap_preview_size size
Default: icap_preview_size -1

icap_preview_size sets the default preview size to be used. -1 means no preview.


icap_service

Syntax: icap_service name vpoint bypass url
Default: none

icap_service defines a single ICAP service.

"name" is an arbitrary name that is used in icap_class and icap_access to reference this service.

"vpoint" is the vectoring point where the service is plugged into. This can be one of reqmod_precache, reqmod_postcache, respmod_precache or respmod_postcache.

"bypass" specifies whether omitting the service is allowed when the server is not reachable. This can be either 1 or 0.

"url" is an ICAP URL as specified in the ICAP protocol specification.


icap_class

Syntax: icap_class service...
Default: none

icap_class collects services for a service list. This is useful when you want to use more than one ICAP service per request.


icap_access

Syntax: icap_access class|service allow|deny acl...
Default: none

icap_access builds up an access control list that is processed for each HTTP request. If all of the acls match, processing stops at this line. If the action is to allow, then the specified class or service will be used for this request. If the action is to deny, then processing will stop without using ICAP for this request. To make a deny rule clearer, you can use the special class "None" there.


Example

First, we will define some services:

icap_service service_1 reqmod_precache 0 icap://localhost:1344/reqmod
icap_service service_2 respmod_precache 0 icap://localhost:1344/respmod

We want to use these two services together in a request, so we will define a class:

icap_class class_1 service_1 service_2

We want to apply these ICAP services only between 10.00 and 12.00 for requests to the server foobar.com:

acl from_10_to_12 time 10:00 12:00
acl foobar_server url_regex foobar\.com

icap_access class_1 allow from_10_to_12 foobar_server

Tips and Tricks

You might experience long download times when using respmod and downloading data from servers that support persistent connections. As a workaround you can put this into your squid.conf:
server_persistent_connections off

Ralf Horstmann
Last update: 27-Jun-2002