Hi Sean, the conversion of squid 3.1 to 3.2, we had the same error. We solved the problem with the parameter "icap_persistent_connections off"
Bye UK > -----Ursprüngliche Nachricht----- > Von: bo...@boran.ch [mailto:bo...@boran.ch] Im Auftrag von Sean Boran > Gesendet: Dienstag, 4. Dezember 2012 10:49 > An: squid-users@squid-cache.org > Betreff: [squid-users] essential ICAP service is suspended > > Hi, > > I've been running a squid 3.3 live with SSL inspection for over a week, AV > scanning with clamav+c-icap work fine until now (about 500k GETS per day). > Then users started seen icap errors in their browser:: > > In the squid logs: > essential ICAP service is suspended: icap://127.0.0.1:1344/squidclamav > [down,susp,fail11] > > c-icap was then tuned a bit: > - increase the number of processes (now have 90) > - set debug=0 (less logs`: they were massive) > - exclude large files from scanning and certain media types > > The system was not that heavily loaded (load bout 0.3, icap getting maybe > 20 requests/sec), the above measure did seem to make much difference. > Any suggestions for avoiding this? > > Also, when this happens, squid takes a few minutes to talk to icap again: > 15:30:31 kid1| essential ICAP service is suspended: > icap://127.0.0.1:1344/squidclamav [down,susp,fail11] > 15:33:31 kid1| essential ICAP service is up: > icap://127.0.0.1:1344/squidclamav [up] > > Is there a timeout variable to ask squid to talk to icap much quick again? > > Squid config: > icap_enable on > icap_send_client_ip on > icap_send_client_username on > icap_client_username_encode off > icap_client_username_header X-Authenticated-User icap_preview_enable > on icap_preview_size 1024 scanned via squidclamav Service via ICAP > icap_service service_req reqmod_precache bypass=1 > icap://127.0.0.1:1344/squidclamav adaptation_access service_req deny > CONNECT adaptation_access service_req allow all icap_service service_resp > respmod_precache bypass=0 icap://127.0.0.1:1344/squidclamav > adaptation_access service_resp deny CONNECT adaptation_access > service_resp allow all > > Sean