We have a startup dependency problem

In order to perform HTTP and HTTPS filtering Squid calls ICAP server qlproxy and forwards the traffic to it for analysis. So qlproxy must be able to service requests from Squid right after its start. The latest Debian, Ubuntu and (probably) other Linux operating systems runs startup scripts in parallel so it is possible for qlproxy to be yet starting when Squid is already started. In this case you will get the ‘ICAP server error’ while trying to access any web site.

Solution for now is to restart Squid manually after making sure qlproxy is already started. We are working on instructions how to solve the daemon dependence startup problems for all supported operating systems.

Debian 6, 7 and Raspbian Wheezy
Debian 6 and 7 use the insserv startup system. It can be easily setup to start qlproxy before squid. See the online documentation section in https://github.com/ra-at-diladele-com/qlproxy_external/wiki/Install-on-Debian-6-and-7.

Ubuntu
I will update this post later.

CentOS / RedHat
By default Squid and Diladele Web Safety on RedHat or CentOS Linux are started at the same time. This may lead to ‘ICAP server not accessible’ errors when Squid tries to access ICAP services of Diladele Web Safety before they are fully initialized. To solve this problem you need to change the start order of qlproxy and squid daemons.

  1. Disable automatic startup of qlproxy by running chkconfig qlproxy off
  2. Open the /etc/init.d/qlproxy startup script and find the line containing # chkconfig: - 90 25 and change it to # chkconfig: - 85 25.
  3. Enable automatic startup of qlproxy by running chkconfig qlproxy on and reboot your server.

FreeBSD 8, 9
In order to start Diladele Web Safety earlier than Squid on FreeBSD 8 and 9 the qlproxyd_enable="YES" record need to come earlier than squid_enable="YES" in /etc/rc.conf file. That is it.

Diladele B.V. Development Team.

About sichent

sichent
This entry was posted in ICAP. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s