We have a startup dependency problem

In order to perform HTTP and HTTPS filtering Squid calls ICAP server qlproxy and forwards the traffic to it for analysis. So qlproxy must be able to service requests from Squid right after its start. The latest Debian, Ubuntu and (probably) other Linux operating systems runs startup scripts in parallel so it is possible for qlproxy to be yet starting when Squid is already started. In this case you will get the ‘ICAP server error’ while trying to access any web site.

Solution for now is to restart Squid manually after making sure qlproxy is already started. We are working on instructions how to solve the daemon dependence startup problems for all supported operating systems.

Debian 6, 7 and Raspbian Wheezy
Debian 6 and 7 use the insserv startup system. It can be easily setup to start qlproxy before squid. See the online documentation section in https://github.com/ra-at-diladele-com/qlproxy_external/wiki/Install-on-Debian-6-and-7.

I will update this post later.

CentOS / RedHat
By default Squid and Diladele Web Safety on RedHat or CentOS Linux are started at the same time. This may lead to ‘ICAP server not accessible’ errors when Squid tries to access ICAP services of Diladele Web Safety before they are fully initialized. To solve this problem you need to change the start order of qlproxy and squid daemons.

  1. Disable automatic startup of qlproxy by running chkconfig qlproxy off
  2. Open the /etc/init.d/qlproxy startup script and find the line containing # chkconfig: - 90 25 and change it to # chkconfig: - 85 25.
  3. Enable automatic startup of qlproxy by running chkconfig qlproxy on and reboot your server.

FreeBSD 8, 9
In order to start Diladele Web Safety earlier than Squid on FreeBSD 8 and 9 the qlproxyd_enable="YES" record need to come earlier than squid_enable="YES" in /etc/rc.conf file. That is it.

Diladele B.V. Development Team.

About sichent

This entry was posted in ICAP. Bookmark the permalink.