eCAP

ERR_ICAP_FAILURE without loadable_modules

Asked by Bùi Huy Long

I have tried the first following configuration on the system :

Squid Version: squid-3.4.5; sample-0.2.1; libecap-0.2.0 | Also tried squid-3.5.21; Libecap-1.0.0; libecap-example-1.0.1
OS: Centos 6 64 bits
VMware: 6.

Then I follow the guideline from this URL, to test out how ecap works: http://www.e-cap.org/Documentation

The first Scenario of replacing "the" word to "a" word.

Here is the configuration & test result is as what the guideline tells:

Squid.conf: This test result is OK, worked as expected.
==============================================================
loadable_modules /usr/local/lib/ecap_adapter_modifying.so
ecap_enable on
ecap_service ecapModifier respmod_precache
        uri = ECAP: //e-cap.org/ecap/services/sample/modifying
        the victim = the
        replacement = a
adaptation_access ecapModifier allow all
accept-Encoding request_header_access deny all
===============================================================

The second scenario, is to, inject the javascript into the squid cache, however, with the guideline & sample configuration from the site gave me error.

Squid.conf: Test is NOT OK
===============================================================
ecap_enable on
ecap_service ecapModifier respmod_precache
        uri = ECAP: //e-cap.org/ecap/services/sample/modifying
        victim = </ body> \
        replacement-src =/usr/local/squid/etc/my-injection.html
adaptation_access ecapModifier allow all
===============================================================

Here is the completed configuration file that we are currently using:

Config file squid.conf
#
# Recommended minimum configuration:
#

# Example rule either, allowing local access networks khỏi.
# Adapt to list ngôn (internal) IP networks from where browsing
# Shouldnt be allowed
#acl localnet src # RFC1918 possible The internal network 10.0.0.0/8
#acl localnet src # RFC1918 possible The internal network 172.16.0.0/12
localnet acl src # RFC1918 possible The internal network 192.168.4.0/24
src localnet #acl fc00 :: / 7 # RFC 4193 private local network range
src localnet #acl fe80 :: / 10 link-local # RFC 4291 machines

acl SSL_ports port 443
acl Safe_ports # http port 80
acl Safe_ports 21 # ftp port
# https port 443 acl Safe_ports
acl port Safe_ports 70 # gopher
acl port Safe_ports 210 # wais
Unregistered Safe_ports acl ports port # 1025-65535
acl Safe_ports 280 # http-mgmt port
acl Safe_ports 488 # GSS-http port
acl port Safe_ports 591 # FileMaker
acl 777 # MultiLing http port Safe_ports
acl CONNECT CONNECT method

#
# Recommended minimum configuration Access Permission:
#
# Deny requests to Certain unsafe ports
http_access deny! Safe_ports

# Deny CONNECT to other coal ports SSL secure
http_access deny CONNECT! SSL_ports

# Only allow access from localhost cachemgr
http_access allow manager localhost
http_access deny manager

We Strongly recommend # sau be uncommented to protect innocent
# Web applications running on the proxy server who think the only
# One who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE (S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule either, allowing local access networks khỏi.
# Adapt localnet in the ACL section to list ngôn (internal) IP networks
From where browsing # shouldnt be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

Listens to port Squid thường # 3128
#http_port 3128
3128 http_port transparent
SSL #config
3129 https_port transparent connection ssl-bump-auth = off generate-host-certificates = on dynamic_cert_mem_cache_size = 16MB cert = / etc / squid / ssl / squid.pem key =/etc/squid/ssl/squid.key ECDHE-RSA cipher = -RC4-SHA: RSA-AES128-ECDHE-SHA: DHE-RSA-AES128-SHA: DHE-RSA-CAMELLIA128-SHA: AES128-SHA: RC4-SHA: HIGH:! aNULL:! MD5:! ADH
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/lib/ -M 16MB squid_ssl_db
sslcrtd_children 50 idle startup = 5 = 1
ssl_bump none localhost
sslproxy_cert_error allow all
sslproxy_flags DONT_VERIFY_PEER
always_direct allow all

# Uncomment and adjust on the drop to add a disk cache directory.
#cache_dir ufs /var/cache/ squid 100 16 256
cache_dir ufs /var/cache/ squid 10000 32 512

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of Your Own những refresh_pattern above entries.
#
refresh_pattern ^ ftp: 1440 20% 10080
refresh_pattern ^ gopher: 1440 1440 0%
refresh_pattern -i (/ cgi-bin / | \?) 0 0% 0
refresh_pattern. 0 20% 4320

ecap_enable on
ecap_service ecapModifier respmod_precache \
        uri = ECAP: //e-cap.org/ecap/services/sample/modifying \
        victim = </ body> \
        replacement-src = /usr/local/squid/etc/my-injection.html
adaptation_access ecapModifier allow all

==================================================================

Compiled the Squid with the following parameters in order to enable the modules as following:

[root@XXX]# squid -v
Squid Cache: Version 3.4.5
configure options: '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos,wrapper' '--enable-external-acl-helpers=wbinfo_group,kerberos_ldap_group,AD_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-storeio=aufs,diskd,ufs,rock' '--enable-wccpv2' '--enable-esi' '--enable-ssl' '--enable-ssl-crtd' '--enable-ecap' '--enable-icmp' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' '--with-included-ltdl' '--disable-arch-native' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fPIC' 'PKG_CONFIG_PATH=/usr/lib64/pkgconfig:/usr/share/pkgconfig' '--enable-ltdl-convenience'

When browsing on the browser, the Browser returns :

The following error was encountered while trying to retrieve the URL
ICAP protocal error
The system returned: [No Error]
This means that some aspect of the ICAP communication failed
Some possible problems are:
The ICAP server is not reachable
An Illegal response was received from the ICAP server

=============================================================================

Thanks,

Question information

Language:
English Edit question
Status:
Answered
For:
eCAP Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Alex Rousskov (rousskov) said : 		#1

FYI: The configuration you pasted appears garbled -- words transposed, spaces added, capitalization changed, etc.

I cannot tell why you are receiving that error message based on the information you have provided. However, I can recommend that you upgrade to Squid v3.5 and eCAP v1.0 before proceeding any further because Squid v3.4 has many bugs and eCAP sample v0.2.1 has at least one known bug.

Revision history for this message
Bùi Huy Long (longbh) said : 		#2

We thank Alex Rousskov answered.

I use squid 3.5 and ECAP sample v1.0 was also same errors.

Such errors, on the Squid Server do I need to install ICAP Server does not?

Thanks,

Revision history for this message
Alex Rousskov (rousskov) said : 		#3

No, you do not need an ICAP server to use eCAP. Squid adaptation error messages say "ICAP" but that is just a hard-coded string in the default message text. It is not an indication that you need ICAP.

It is strange that you receive these error messages with a modern Squid -- it is being used successfully by many. To make progress, I suggest that you post your squid.conf together with Squid cache.log after setting debug_options to ALL,9 and reproducing the problem using a single transaction: http://wiki.squid-cache.org/SquidFaq/BugReporting#Debugging_a_single_transaction

Since there appears to be no way to attach files to Launchpad questions, you should post them elsewhere (e.g., your server, DropBox, Google drive, etc.) and paste links to them here -- do not copy-paste large files.

Revision history for this message
Bùi Huy Long (longbh) said : 		#4

I provide you with some information

File configuration:
- quid.conf
- iptables
- sysctl.conf
- routing in server.txt

Squid log file in the folder:
- access.log
- cache.log
- squid.out

URL download: http://fsend.vn/ILeDm4CT

Thanks,

Revision history for this message
Alex Rousskov (rousskov) said : 		#5

You forgot to load the adapter and ignored Squid warning about that:

    WARNING: configured ecap_service was not loaded: ecap://e-cap.org/ecap/services/sample/modifying

See http://www.squid-cache.org/Doc/config/loadable_modules/

Revision history for this message
Bùi Huy Long (longbh) said : 		#6

1. I have load ecap_adapter_modifying.so module after it has run
ex: loadable_modules /usr/local/lib/ecap_adapter_modifying.so

2. But when the load ecap_adapter_minimal.so module but still the same error
ex: loadable_modules /usr/local/lib/ecap_adapter_minimal.so

URL dowload log: http://fsend.vn/6indtyV5

Thanks,

Revision history for this message
Alex Rousskov (rousskov) said : 		#7

The first set of files that you shared indicate that you forgot to load the adapter for the configured service:

  $ egrep 'module|ecap_service' squid.conf
  ecap_service ... uri=ecap://e-cap.org/ecap/services/sample/modifying

Squid warned you about your mistake:

WARNING: configured ecap_service was not loaded: ecap://e-cap.org/ecap/services/sample/modifying

The second set of files that you shared indicate that you load a minimal adapter but configure a modifying service:

  $ egrep 'module|ecap_service' squid.conf
  loadable_modules /usr/local/lib/ecap_adapter_minimal.so
  ecap_service ... uri=ecap://e-cap.org/ecap/services/sample/modifying

Again, Squid warned you about the mismatch:

  WARNING: configured ecap_service was not loaded: ecap://e-cap.org/ecap/services/sample/modifying

Needless to say, the adapter(s) you load and the service(s) you configure have to match!

Revision history for this message
Bùi Huy Long (longbh) said : 		#8

With the information of you, i don't know configured and checks execute as example of:

====================================================================
If you want to test injection of some HTML and/or Javascript code, adjustsquid.conf to tell the modifying adapter to load the injection text from a local file.
ecap_enable on
ecap_service ecapModifier respmod_precache \
        uri=ecap://e-cap.org/ecap/services/sample/modifying \
        victim=</body> \
        replacement-src=/usr/local/squid/etc/my-injection.html
adaptation_access ecapModifier allow all
Please note that, to preserve HTML structure, the replacement text must either start or end with the HTML tag you are replacing. For example, if you are replacing a </body> tag, as shown in the example above, the replacement text should end with </body>.

====================================================================

Can you guide me in details of the configuration and test results squid.

Best regards,

Revision history for this message
Alex Rousskov (rousskov) said : 		#9

Use the combination of:

* loadable_modules /usr/local/lib/ecap_adapter_modifying.so
* ecap_service ... uri=ecap://e-cap.org/ecap/services/sample/modifying

Revision history for this message
Bùi Huy Long (longbh) said : 		#10

I've followed your instructions but did not get service squid start.

File squid.conf
====================================================================================
ecap_enable on
loadable_modules /usr/local/lib/ecap_adapter_modifying.so
ecap_service ecapModifier respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim=</body> replacement-src=/usr/local/squid/etc/my-injection.html
adaptation_access ecapModifier allow all

====================================================================================

Error log:

Oct 18 12:18:19 proxy4 squid[2990]: Squid Parent: will start 1 kids
Oct 18 12:18:19 proxy4 squid[2990]: Squid Parent: (squid-1) process 2992 started
Oct 18 12:18:20 proxy4 abrt[3002]: Saved core dump of pid 2992 (/usr/sbin/squid) to /var/spool/abrt/ccpp-2016-10-18-12:18:20-2992 (12636160 bytes)
Oct 18 12:18:20 proxy4 abrtd: Directory 'ccpp-2016-10-18-12:18:20-2992' creation detected
Oct 18 12:18:20 proxy4 squid[2990]: Squid Parent: (squid-1) process 2992 exited due to signal 6 with status 0
Oct 18 12:18:23 proxy4 squid[2990]: Squid Parent: (squid-1) process 3195 started
Oct 18 12:18:23 proxy4 abrt[3213]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 12:18:23 proxy4 squid[2990]: Squid Parent: (squid-1) process 3195 exited due to signal 6 with status 0
Oct 18 12:18:26 proxy4 abrtd: Generating core_backtrace
Oct 18 12:18:26 proxy4 abrtd: Duplicate: core backtrace
Oct 18 12:18:26 proxy4 abrtd: DUP_OF_DIR: /var/spool/abrt/ccpp-2016-10-07-20:58:00-30884
Oct 18 12:18:26 proxy4 abrtd: Deleting problem directory ccpp-2016-10-18-12:18:20-2992 (dup of ccpp-2016-10-07-20:58:00-30884)
Oct 18 12:18:26 proxy4 abrtd: Sending an email...
Oct 18 12:18:26 proxy4 squid[2990]: Squid Parent: (squid-1) process 3253 started
Oct 18 12:18:26 proxy4 abrtd: Email was sent to: root@localhost
Oct 18 12:18:27 proxy4 abrt[3265]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 12:18:27 proxy4 squid[2990]: Squid Parent: (squid-1) process 3253 exited due to signal 6 with status 0
Oct 18 12:18:30 proxy4 squid[2990]: Squid Parent: (squid-1) process 3267 started
Oct 18 12:18:30 proxy4 abrt[3276]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 12:18:30 proxy4 squid[2990]: Squid Parent: (squid-1) process 3267 exited due to signal 6 with status 0
Oct 18 12:18:33 proxy4 squid[2990]: Squid Parent: (squid-1) process 3278 started
Oct 18 12:18:33 proxy4 abrt[3287]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 12:18:33 proxy4 squid[2990]: Squid Parent: (squid-1) process 3278 exited due to signal 6 with status 0
Oct 18 12:18:33 proxy4 squid[2990]: Squid Parent: (squid-1) process 3278 will not be restarted due to repeated, frequent failures
Oct 18 12:18:33 proxy4 squid[2990]: Exiting due to repeated, frequent failures

with this error, please guide me handle.

Best regards,

Revision history for this message
Alex Rousskov (rousskov) said : 		#11

I see no problems with the latest combination of eCAP-related squid.conf directives that you have posted.

Your Squid is aborting/crashing. The error log you posted do not show the reason for the crash. I recommend the following procedure:

1. Make sure everything works fine with "ecap_enable off" in squid.conf and no other squid.conf changes. If you cannot get this step to work, ask the Squid Project for help (e.g., email the squid-users mailing list).

2. Set "ecap_enable" back to "on".

3. If Squid is not crashing in #1 but starts to crash after #2, then post cache.log output (it usually shows the reason for the crash) and a stack trace from the dumped core. Squid wiki has information on how to collect stack traces.

Revision history for this message
Bùi Huy Long (longbh) said : 		#12

#1: With: ecap_enable off ==> service squid start is normal

#2: when I configure ecap_enable on, service squid can not start.

Log messages:

Oct 18 13:42:36 proxy4 squid[5345]: Squid Parent: (squid-1) process 5347 exited with status 0
Oct 18 13:42:36 proxy4 squid[5395]: Squid Parent: will start 1 kids
Oct 18 13:42:36 proxy4 squid[5395]: Squid Parent: (squid-1) process 5397 started
Oct 18 13:42:37 proxy4 abrt[5407]: Saved core dump of pid 5397 (/usr/sbin/squid) to /var/spool/abrt/ccpp-2016-10-18-13:42:37-5397 (12636160 bytes)
Oct 18 13:42:37 proxy4 abrtd: Directory 'ccpp-2016-10-18-13:42:37-5397' creation detected
Oct 18 13:42:37 proxy4 squid[5395]: Squid Parent: (squid-1) process 5397 exited due to signal 6 with status 0
Oct 18 13:42:40 proxy4 squid[5395]: Squid Parent: (squid-1) process 5530 started
Oct 18 13:42:40 proxy4 abrt[5611]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 13:42:40 proxy4 squid[5395]: Squid Parent: (squid-1) process 5530 exited due to signal 6 with status 0
Oct 18 13:42:43 proxy4 squid[5395]: Squid Parent: (squid-1) process 5646 started
Oct 18 13:42:43 proxy4 abrtd: Generating core_backtrace
Oct 18 13:42:44 proxy4 abrtd: Duplicate: core backtrace
Oct 18 13:42:44 proxy4 abrtd: DUP_OF_DIR: /var/spool/abrt/ccpp-2016-10-07-20:58:00-30884
Oct 18 13:42:44 proxy4 abrtd: Deleting problem directory ccpp-2016-10-18-13:42:37-5397 (dup of ccpp-2016-10-07-20:58:00-30884)
Oct 18 13:42:44 proxy4 abrtd: Sending an email...
Oct 18 13:42:44 proxy4 abrtd: Email was sent to: root@localhost
Oct 18 13:42:44 proxy4 abrt[5671]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 13:42:44 proxy4 squid[5395]: Squid Parent: (squid-1) process 5646 exited due to signal 6 with status 0
Oct 18 13:42:46 proxy4 kernel: IN=eth1 OUT= MAC=00:0c:29:96:cd:8a:bc:ea:fa:d1:f0:0b:08:00 SRC=190.16.184.62 DST=118.69.215.133 LEN=40 TOS=0x02 PREC=0x40 TTL=45 ID=9321 PROTO=TCP SPT=34651 DPT=23 WINDOW=38219 RES=0x00 SYN URGP=0
Oct 18 13:42:47 proxy4 squid[5395]: Squid Parent: (squid-1) process 5674 started
Oct 18 13:42:47 proxy4 abrt[5683]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 13:42:47 proxy4 squid[5395]: Squid Parent: (squid-1) process 5674 exited due to signal 6 with status 0
Oct 18 13:42:50 proxy4 squid[5395]: Squid Parent: (squid-1) process 5685 started
Oct 18 13:42:51 proxy4 abrt[5694]: Not saving repeating crash in '/usr/sbin/squid'
Oct 18 13:42:51 proxy4 squid[5395]: Squid Parent: (squid-1) process 5685 exited due to signal 6 with status 0
Oct 18 13:42:51 proxy4 squid[5395]: Squid Parent: (squid-1) process 5685 will not be restarted due to repeated, frequent failures
Oct 18 13:42:51 proxy4 squid[5395]: Exiting due to repeated, frequent failures

Log Squid: http://fsend.vn/z1uf08xd

with this error, please guide me handle.

Thanks,

Revision history for this message
Alex Rousskov (rousskov) said : 		#13

> Log Squid: http://fsend.vn/z1uf08xd

Squid usually tells you what it thinks is wrong. Check the cache.log file:

2016/10/18 13:48:24 kid1| ERROR: failed to start essential eCAP service: ecap://e-cap.org/ecap/services/sample/modifying:
Modifying Adapter: configuration error: unsupported configuration parameter: replacement-src
2016/10/18 13:48:24 kid1| FATAL: dying from an unhandled exception: Modifying Adapter: configuration error: unsupported configuration parameter: replacement-src

Also:

$ fgrep ERROR take3/cache.log | sed 's/.*ERROR//' | sort | uniq -c
      6 : Unknown adaptation name eReqmod in adaptation set 'reqFilter'
      6 : Unknown adaptation name eRespmod in adaptation set 'respFilter'
     79 : failed to start essential eCAP service: ecap://e-cap.org/ecap/services/sample/modifying:
  38379 : No forward-proxy ports configured.

And:
  2016/10/15 15:59:57| Squid is already running! Process ID 2423
  2016/10/18 12:03:09| Squid is already running! Process ID 65956

Please cleanup your environment and start with a fresh cache.log. Use debug_options ALL,1. Doing so will make it is easier for you to see errors. You can always change them to ALL,9 when you need to investigate a problem that is not visible at ALL,1.

As for the replacement-src error, it looks very strange because the adapter does support that option. If you are still suffering from this error, please:

1. post the output of the following command (adjust path as needed):
    strings /usr/local/lib/ecap_adapter_modifying.so | egrep '^(replacement|1[.]0)'

2. post your squid.conf

Revision history for this message
Bùi Huy Long (longbh) said : 		#14

1. The output of the following commnad: strings /usr/local/lib/ecap_adapter_modifying.so | egrep '^(replacement|1[.]0)'
==========================
[root@proxy4 lib]# strings /usr/local/lib/ecap_adapter_modifying.so | egrep '^(replacement|1[.]0)'
1.0.0
replacement
==========================

2. I have configured the debug_options ALL,1 ; file squid.conf; log message; all log squid

URL: http://fsend.vn/0Di2dJE9

Thanks,

Revision history for this message
Alex Rousskov (rousskov) said : 		#15

Your output for #1 is very strange. How did you build that adapter?! Is there "replacement-src" string in the adapter sources that you used?

Your cache.log for #2 still shows lots of eCAP-unrelated errors. You should address them first. Perhaps you though that *I* need that ALL,1 log. I do not. *You* need it because you need to see the errors and fix them (with ecap_enabled off). Otherwise, you will be solving too many different problems at once, and it will be difficult for you to make progress. For Squid-specific eCAP-unrelated problems, the squid-users mailing is the right place to seek help (not this Question).

$ egrep '(FATAL|ERROR):' squid/cache.log | sed 's/.*[|]//' | sort | uniq -c | sort -nr
   7788 ERROR: No forward-proxy ports configured.
     44 FATAL: dying from an unhandled exception: Modifying Adapter: configuration error: unsupported configuration parameter: replacement-src
     44 ERROR: failed to start essential eCAP service: ecap://e-cap.org/ecap/services/sample/modifying:
     26 FATAL: Ipc::Mem::Segment::open failed to shm_open(/squid-ssl_session_cache.shm): (2) No such file or directory

The first and last problem are unrelated to eCAP.

Revision history for this message
Alex Rousskov (rousskov) said : 		#16

> unsupported configuration parameter: replacement-src

I figured it out! Support for that parameter was added in adapter sample v0.2.1. You are using adapter sample v1.0.0. Despite a higher version number, sample v1.0.0 was released _before_ sample v0.2.1. Sample v1.0.0 lacks support for replacement-src. We have ported replacement-src support to sample v1 since then, but there were no v1.0 _releases_ after v1.0.0 to incorporate that support. The v1.0 code I was looking at had replacement-src but the code you got from the v1.0.0 sample lacked it.

The linked bug 1634621 has a patch porting replacement-src support from v0.2 to v1.0.

Revision history for this message
Bùi Huy Long (longbh) said : 		#17

Please guide me, how to use is injection of some HTML and/or Javascript code

Thanks,

Revision history for this message
Alex Rousskov (rousskov) said : 		#18

The sample modifying adapter can do primitive HTML injection. Production-quality injection requires a lot of work (which is usually specific to a particular injection goal/environment). There are existing production-quality injection adapters, but I am not aware of any open sourced ones.

This is a simple Q&A interface; it does not really work for guidance/mentoring/tutoring/teaching/training/etc. I am happy to try to answer specific questions. This is not really the right place for anything more than that.

Revision history for this message
Bùi Huy Long (longbh) said : 		#19

Thank you very much for supporting,

I've setup the squid-3.4.5; sample-0.2.1; libecap-0.2.0. Already been squid start.

File squid.conf

ecap_enable on
loadable_modules /usr/local/lib/ecap_adapter_minimal.so
loadable_modules /usr/local/lib/ecap_adapter_modifying.so
ecap_service ecapModifier respmod_precache uri=ecap://e-cap.org/ecap/services/sample/modifying victim=</body> replacement-src=/usr/local/squid/etc/my-injection.html
adaptation_access ecapModifier allow all

File my-injection.html

==================================================
<!DOCTYPE html>
<html>
<body>

<img src="adstq.jpg" alt="Mountain View" style="width:300px;height:35px;">

</body>
</html>
==================================================

but, when I signed on the website does not load any content file my-injection.html.

I sent you the entire configuration file; squid log.

URL: http://fsend.vn/ERCkwJjq

1. Would you please check my configuration is correct ?

2. guide me how to check the results achieved with the example above ?

Best regards,

Can you help with this problem?

Provide an answer of your own, or ask Bùi Huy Long for more information if necessary.

To post a message you must log in.