summaryrefslogtreecommitdiff
path: root/pcr
diff options
context:
space:
mode:
authorAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-03-28 03:28:23 -0300
committerAndré Fabian Silva Delgado <emulatorman@parabola.nu>2016-03-28 03:28:23 -0300
commit4c0ead787d0a9e1b3fde331e17f7743ede8fcb77 (patch)
tree9018770de2f1c7b48a4d958ac7af6021a7354483 /pcr
parenta69e43e17d55e6bd2c2af1d7ce9e35c2e1d2b989 (diff)
c-icap: add new package to [pcr]
Diffstat (limited to 'pcr')
-rw-r--r--pcr/c-icap/PKGBUILD54
-rw-r--r--pcr/c-icap/c-icap.conf760
-rw-r--r--pcr/c-icap/c-icap.service11
-rw-r--r--pcr/c-icap/install7
-rw-r--r--pcr/c-icap/logrotate9
-rw-r--r--pcr/c-icap/tmpfiles.d1
6 files changed, 842 insertions, 0 deletions
diff --git a/pcr/c-icap/PKGBUILD b/pcr/c-icap/PKGBUILD
new file mode 100644
index 000000000..67c4667f4
--- /dev/null
+++ b/pcr/c-icap/PKGBUILD
@@ -0,0 +1,54 @@
+# Maintainer (Arch): Amish <contact at via dot aur>
+pkgname=c-icap
+pkgver=0.4.2
+pkgrel=1
+pkgdesc='Implementation of an ICAP server'
+arch=(i686 x86_64 armv7h)
+url='http://c-icap.sourceforge.net/'
+license=('GPL' 'LGPL')
+source=("http://downloads.sourceforge.net/project/c-icap/c-icap/0.4.x/c_icap-${pkgver}.tar.gz"
+ 'c-icap.conf'
+ 'c-icap.service'
+ 'tmpfiles.d'
+ 'logrotate')
+sha256sums=('b138c7d7d9828d54c3307bcfe7b4917911266593832ffc26a60df9a0dfd2511e'
+ 'a2859a3f2bab1d96ae3a6364853a65c3985a0c336dab385294b977ecca336fc3'
+ '313ae1b3ff52597158d3a914702d60b16248a8fb8f934e91644f63ad373e6375'
+ '485fa1649ad1a63f6f2ec46eb0c8100d8756be0ba99df2cf23aa2fc70f14b27d'
+ '07d5d98801feb0b20fe3cbbf9f7d00148cbda7b2e9e2bc07d859c1c5aa154926')
+backup=('etc/c-icap/c-icap.conf'
+ 'etc/c-icap/c-icap.magic'
+ 'etc/logrotate.d/c-icap')
+install=install
+
+build() {
+ cd "${srcdir}/c_icap-${pkgver}"
+ ./configure \
+ --prefix=/usr \
+ --localstatedir=/var \
+ --sbindir=/usr/bin \
+ --sysconfdir=/etc/c-icap \
+ --enable-ipv6 \
+
+ make
+}
+
+package() {
+ cd "${srcdir}/c_icap-${pkgver}"
+ make DESTDIR="${pkgdir}" install
+
+ # fix some bad permissions
+ find "${pkgdir}"/etc/c-icap/ -type f -print0 | xargs -0 chmod 644
+ chmod g-w "${pkgdir}"/var/log
+
+ # remove /var/run directory which should not be packaged
+ rmdir "${pkgdir}"/var/run/c-icap/ "${pkgdir}"/var/run/
+
+ install -Dm644 ../c-icap.conf "${pkgdir}"/etc/c-icap/c-icap.conf
+ install -Dm644 ../c-icap.service "${pkgdir}"/usr/lib/systemd/system/c-icap.service
+ install -Dm644 ../tmpfiles.d "${pkgdir}"/usr/lib/tmpfiles.d/c-icap.conf
+ install -Dm644 ../logrotate "${pkgdir}"/etc/logrotate.d/c-icap
+
+ install -d -m750 "${pkgdir}"/var/log/c-icap
+ chown 15:15 "${pkgdir}"/var/log/c-icap
+}
diff --git a/pcr/c-icap/c-icap.conf b/pcr/c-icap/c-icap.conf
new file mode 100644
index 000000000..8a9890c9c
--- /dev/null
+++ b/pcr/c-icap/c-icap.conf
@@ -0,0 +1,760 @@
+#
+# This file contains the default settings for c-icap
+#
+#
+
+
+# TAG: PidFile
+# Format: PidFile pid_file
+# Description:
+# The file to store the pid of the main process of the c-icap server.
+# Default:
+# PidFile /var/run/c-icap/c-icap.pid
+PidFile /var/run/c-icap/c-icap.pid
+
+# TAG: CommandsSocket
+# Format: CommandsSocket socket_file
+# Description:
+# The path of file to use as control socket for c-icap
+# Default:
+# CommandsSocket /var/run/c-icap/c-icap.ctl
+CommandsSocket /var/run/c-icap/c-icap.ctl
+
+# TAG: Timeout
+# Format: Timeout seconds
+# Description:
+# The time in seconds after which a connection without activity
+# can be cancelled.
+# Default:
+# Timeout 300
+Timeout 300
+
+# TAG: MaxKeepAliveRequests
+# Format: MaxKeepAliveRequests number
+# Description:
+# The maximum number of requests can be served by one connection
+# Set it to -1 for no limit
+# Default:
+# MaxKeepAliveRequests 100
+MaxKeepAliveRequests 100
+
+# TAG: KeepAliveTimeout
+# Format: KeepAliveTimeout seconds
+# Description:
+# The maximum time in seconds waiting for a new requests before a
+# connection will be closed.
+# If the value is set to -1, there is no timeout.
+# Default:
+# KeepAliveTimeout 600
+KeepAliveTimeout 600
+
+# TAG: StartServers
+# Format: StartServers number
+# Description:
+# The initial number of server processes. Each server process
+# generates a number of threads, which serve the requests.
+# Default:
+# StartServers 3
+StartServers 10
+
+# TAG: MaxServers
+# Format: MaxServers number
+# Description:
+# The maximum allowed number of server processes.
+# Default:
+# MaxServers 10
+MaxServers 50
+
+# TAG: MinSpareThreads
+# Format: MinSpareThreads number
+# Description:
+# If the number of the available threads is less than number,
+# the c-icap server starts a new child.
+# Default:
+# MinSpareThreads 10
+MinSpareThreads 10
+
+# TAG: MaxSpareThreads
+# Format: MaxSpareThreads number
+# Description:
+# If the number of the available threads is more than number then
+# the c-icap server kills a child.
+# Default:
+# MaxSpareThreads 20
+MaxSpareThreads 40
+
+# TAG: ThreadsPerChild
+# Format: ThreadsPerChild number
+# Description:
+# The number of threads per child process.
+# Default:
+# ThreadsPerChild 10
+ThreadsPerChild 10
+
+# TAG: MaxRequestsPerChild
+# Format: MaxRequestsPerChild number
+# Description:
+# The maximum number of requests that a child process can serve.
+# After this number has been reached, process dies. The goal of this
+# parameter is to minimize the risk of memory leaks and increase the
+# stability of c-icap. It can be disabled by setting its value to 0.
+# Default:
+# MaxRequestsPerChild 0
+MaxRequestsPerChild 0
+
+# TAG: InterProcessSharedMemScheme
+# Format: InterProcessSharedMemScheme posix | mmap | sysv
+# Description:
+# The interprocess shared mem scheme to use. Available schemes:
+# posix Use posix shared memory (shm_open interface)
+# mmap Use anonymous mmaped files as shared memory
+# sysv use the sysv ipc shared memory
+# Default:
+# InterProcessSharedMemScheme posix
+
+# TAG: InterProcessLockingScheme
+# Format: InterProcessSharedMemScheme file | sysv | posix
+# Description:
+# The interprocess locking scheme to use. Available schemes:
+# file Use lock file
+# sysv Use the sysv ipc semaphores
+# posix Use posix semaphores: Use it with caution you may experienced
+# locking problems if one or more processes crashed.
+# Default:
+# InterProcessLockingScheme file
+
+# TAG: Port
+# Format: Port port
+# Description:
+# The port number that the c-icap server uses to listen to requests.
+# Default:
+# Port 1344
+Port 1344
+
+# TAG: User
+# Format: User username
+# Description:
+# The user owning c-icap's processes. By default, the owner is the
+# user who runs the program.
+# Default:
+# No value
+# Example:
+# User wwwrun
+
+# TAG: Group
+# Format: Group groupname
+# Description:
+# The group of users owning c-icap's processes, which, by default
+# is the group of the current user.
+# Default:
+# No value
+# Example:
+# Group nogroup
+
+# TAG: ServerAdmin
+# Format: ServerAdmin admin_mail
+# Description:
+# The Administrator of this server. Used when displaying information
+# about this server (logs, info service, etc)
+# Default:
+# No value
+ServerAdmin root@localhost
+
+# TAG: ServerName
+# Format: ServerName aServerName
+# Description:
+# A name for this server. Used when displaying information about this
+# server (logs, info service, etc)
+# Default:
+# No value
+ServerName localhost
+
+# TAG: TmpDir
+# Format: TmpDir dir
+# Description:
+# dir is the location of temporary files.
+# Default:
+# TmpDir /var/tmp
+TmpDir /var/tmp
+
+# TAG: MaxMemObject
+# Format: MaxMemObject bytes
+# Description:
+# The maximum memory size in bytes taken by an object which
+# is processed by c-icap . If the size of an object's body is
+# larger than the maximum size a temporary file is used.
+# Default:
+# MaxMemObject 131072
+MaxMemObject 131072
+
+# TAG: DebugLevel
+# Format: DebugLevel level
+# Description:
+# The level of debugging information to be logged.
+# The acceptable range of levels is between 0 and 10.
+# Default:
+# DebugLevel 1
+DebugLevel 0
+
+# TAG: Pipelining
+# Format: Pipelining on|off
+# Description:
+# Enable or disable ICAP requests pipelining
+# Default:
+# Pipelining on
+Pipelining on
+
+# TAG: SupportBuggyClients
+# FORMAT: SupportBuggyClients on|off
+# Description:
+# Try to handle requests from buggy clients, for example ICAP requests
+# missing "\r\n" sequences
+# Default:
+# SupportBuggyClients off
+SupportBuggyClients off
+
+# TAG: Allow204As200okZeroEncaps
+# Format: Allow204As200okZeroEncaps
+# Description:
+# When used the c-icap instead of allow 204 return "200 OK" responses
+# with zero encapsulated entities.
+# Default:
+# No set
+
+# TAG: ModulesDir
+# Format: ModulesDir dir
+# Description:
+# The location of modules
+# Default:
+# ModulesDir /usr/lib/c_icap
+ModulesDir /usr/lib/c_icap
+
+# TAG: ServicesDir
+# Format: ServicesDir dir
+# Description:
+# The location of services
+# Default:
+# ServicesDir /usr/lib/c_icap
+ServicesDir /usr/lib/c_icap
+
+# TAG: TemplateDir
+# Format: TemplateDir dir
+# Description:
+# The location of the text templates used by c-icap and its services,
+# categorized by language and services/modules
+# Default:
+# No value
+# Example:
+TemplateDir /usr/share/c_icap/templates/
+
+# TAG: TemplateDefaultLanguage
+# Format: TemplateDefaultLanguage lang
+# Description:
+# Sets the default language to use for text templates
+# Default:
+# TemplateDefaultLanguage en
+TemplateDefaultLanguage en
+
+#TemplateReloadTime 360
+#TemplateCacheSize 20
+#TemplateMemBufSize 8192
+
+# TAG: LoadMagicFile
+# Format: LoadMagicFile path
+# Description:
+# Load a c-icap magic file. A magic file contains various
+# data type definitions. Look inside default c-icap.magic file
+# for more informations.
+# It can be used more than once to use multiple magic files.
+# Default:
+# LoadMagicFile /etc/c-icap/c-icap.magic
+LoadMagicFile /etc/c-icap/c-icap.magic
+
+# TAG: RemoteProxyUsers
+# Format: RemoteProxyUsers onoff
+# Description:
+# Set it to on if you want to use username provided by the proxy server.
+# This is the recomended way to use users in c-icap.
+# If the RemoteProxyUsers is off and c-icap configured to use users or
+# groups the internal authentication mechanism will be used.
+# Default:
+# RemoteProxyUsers off
+RemoteProxyUsers off
+
+# TAG: RemoteProxyUserHeader
+# Format: RemoteProxyUserHeader Header
+# Description:
+# Used to specify the icap header used by the proxy server to send
+# the authenticated client username to c-icap server
+# Default:
+# RemoteProxyUserHeader X-Authenticated-User
+RemoteProxyUserHeader X-Authenticated-User
+
+# TAG: RemoteProxyUserHeaderEncoded
+# Format: RemoteProxyUserHeaderEncoded onoff
+# Description:
+# Set it to off if the RemoteProxyUserHeader is not base64 encoded
+# Default:
+# RemoteProxyUserHeaderEncoded on
+RemoteProxyUserHeaderEncoded on
+
+# TAG: AuthMethod
+# Format: AuthMethod Method Authenticator
+# Description:
+# Used to define the internal authentication mechanism to use. This
+# feature is not well tested and may cause problems. It is better to use
+# RemoteProxyUser configuration.
+# Method is the authentication method to use (basic, digest, etc).
+# Currently only basic authentication method is implemented as build in
+# module
+# Authenticator currently can only be "basic_simple_db"
+# It can be considered as a user/password store and can be
+# implemented as external module. The basic_simple_db is implemented as
+# build it module
+# Default:
+# No set
+# Example:
+# AuthMethod basic basic_simple_db
+
+# TAG: basic.Realm
+# Format: basic.Realm ARealm
+# Description:
+# Specify the basic method realm
+# Default:
+# basic.Realm "Basic authentication"
+# Example:
+# basic.Realm "c-icap server authentication"
+
+# TAG: basic_simple_db.UsersDB
+# Format: basic_simple_db.UsersDB LookupTable
+# Description:
+# Specify the lookup table where the usernames/passwords pairs
+# are stored. The paswords must be unencrypted
+# For more information about c-icap lookup tables read c-icap server
+# manual page
+# Default:
+# No value
+# Example:
+# basic_simple_db.UsersDB hash:/etc/c-icap/c-icap-users.txt
+
+# TAG: GroupSourceByGroup
+# Format: GroupSourceByGroup LookupTable
+# Description:
+# Defines a lookup table where the groups of users are stored indexed
+# by group. It can be used more than once.
+# For more information about c-icap lookup tables read c-icap server
+# manual page
+# Default:
+# No set
+# Example:
+# GroupSourceByGroup hash:/etc/c-icap/c-icap-groups.txt
+
+# TAG: GroupSourceByUser
+# Format: GroupSourceByUser LookupTable
+# Description:
+# Defines a lookup table where the groups of users are stored indexed
+# by user. It can be used more than once.
+# For more information about c-icap lookup tables read c-icap server
+# manual page
+# Default:
+# No set
+# Example:
+# GroupSourceByUser hash:/etc/c-icap/c-icap-user-groups.txt
+
+# TAG: acl
+# Format: acl name type[{param}] value1 [value2] [...]
+# Description:
+# Supported acl types are:
+# acl aclname service service1 ...
+# The servicename
+# acl aclname type OPTIONS|RESPMOD|REQMOD ...
+# The icap method
+# acl aclname port port1 ...
+# The icap server port
+# acl aclname src ip1/netmask1 ...
+# The client ip address
+# acl aclname srvip ip1/netmask1 ...
+# The c-icap server ip address
+# acl aclname icap_header{HeaderName} value1 ...
+# Matches the icap header HeaderName with value1 ...
+# The values are in regex form: /avalue/flags
+# acl aclname icap_resp_header{HeaderName} value1 ...
+# The icap response header
+# The values are in regex form: /avalue/flags
+# acl aclname http_req_header{HeaderName} value1 ...
+# The http request header
+# The values are in regex form: /avalue/flags
+# acl aclname http_resp_header{HeaderName} value1 ...
+# The http response header
+# The values are in regex form: /avalue/flags
+# acl aclname data_type type1 ...
+# The data type as recognized by the internal data type
+# recognizer. The types are defined in c-icap.magic file
+# acl aclname auth username|* ...
+# The authenticated users. Using * instead of username means
+# all users.
+# acl aclname group group1 ...
+# if the user of request belongs to given groups
+# acl content_length{>|<|=} value1 ...
+# The content length of body data if the related information
+# included in http headers.
+# The parameter can take the value <, > or = to specify that
+# the acl will match if content length is less, greater or
+# equal to acl values.
+# acl time value1 ....
+# It checks agains current time. The values format is:
+# [DAY[,DAY,[..]]][/][HH:MM-HH:MM]
+# The DAY can be one of the following:
+# S - Sunday
+# M - Monday
+# T - Tuesday
+# W - Wednesday
+# H - Thursday
+# F - Friday
+# A - Saturday
+# acl http_client_ip ip1[/netmask1] ...
+# The HTTP client ip address, if it is available.
+# Default:
+# None set
+# Examples:
+# acl OPTIONS type OPTIONS
+# acl RESPMOD type RESPMOD
+# acl REQMOD type REQMOD
+# acl ALLREQUESTS type OPTIONS RESPMOD REQMOD
+# acl XHEAD icap_header{X-Test} /value/
+# acl ECHO service echo
+# acl localnet src 192.168.1.0/255.255.255.0
+# acl localhost src 127.0.0.1/255.255.255.255
+# acl all src 0.0.0.0/0.0.0.0
+# acl BigObjects content_length{>} 5000000
+# acl WorkingHours time M,T,W,H,F/8:00-18:00
+# acl FreeHour time Sunday,Saturday/8:00-23:59 M,T,W,H,F/18:01-23:59 M,T,W,H,F/0:00-7.59
+
+# TAG: icap_access
+# Format: icap_access allow|deny [!]acl1 ...
+# Description:
+# Allowing or denying ICAP access based on defined access lists
+# Default:
+# None set
+# Example:
+# icap_access deny XHEAD
+# #Allow OPTIONS method for all:
+# icap_access allow localnet OPTIONS
+# #Require authentication for all users from local network:
+# icap_access allow AUTH localnet
+# icap_access deny all
+
+# TAG: client_access
+# Format: client_access allow|deny acl1 [acl2] [...]
+# Description:
+# Allowing or denying connections on c-icap based on
+# defined access lists. Only the acl types src, srvip and port
+# can be used.
+# Default:
+# None set
+# Example:
+# client_access allow all
+
+# TAG: LogFormat
+# Format: LogFormat Name Format
+# Description:
+# Name is a name for this log format.
+# Format is a string with embedded % format codes. % format codes
+# has the following form:
+# % [-] [width] [{argument}] formatcode
+# if - is specified then the output is left aligned
+# if width specified then the field is exactly width size
+# some formatcodes support arguments given as {argument}
+#
+# Format codes:
+# %a: Remote IP-Address
+# %la: Local IP Address
+# %lp: Local port
+# %>a: Http Client IP Address. Only supported if the proxy
+# client supports the "X-Client-IP" header
+# %<A: Http Server IP Address. Only supported if the proxy
+# client supports the "X-Server-IP" header
+# %ts: Seconds since epoch
+# %tl: Local time. Supports optional strftime format argument
+# %tg: GMT time. Supports optional strftime format argument
+# %>ho: Modified Http request header. Supports header name
+# as argument. If no argument given the first line returned
+# %huo: Modified Http request url
+# %<ho: Modified Http reply header. Supports header name
+# as argument. If no argument given the first line returned
+# %iu: Icap request url
+# %im: Icap method
+# %is: Icap status code
+# %>ih: Icap request header. Supports header name
+# as argument. If no argument given the first line returned
+# %<ih: Icap response header. Supports header name
+# as argument. If no argument given the first line returned
+# %Ih: Http bytes received
+# %Oh: Http bytes sent
+# %Ib: Http body bytes received
+# %Ob: Http body bytes sent
+# %I: Bytes received
+# %O: Bytes sent
+# %bph: The first 5 bytes of the body preview data. Non
+# printable characters printed in hex form.
+# Supports the number of bytes to output as argument.
+# %un: Username
+# %Sl: Service log string
+# %Sa: Attribute value set by service. The attribute name must
+# given as argument.
+# Default:
+# None set
+# Example:
+# LogFormat myFormat "%tl, %a %im %iu %is %I %O %Ib %Ob %{10}bph"
+
+# TAG: ServerLog
+# Format: ServerLog LogFile
+# Description:
+# the file used by the build-in logger file_logger to
+# store debugging information, errors and other
+# information about the c-icap server.
+# Default:
+# ServerLog /var/log/c-icap/server.log
+ServerLog /var/log/c-icap/server.log
+
+# TAG: AccessLog
+# Format: AccessLog LogFile [LogFormat] [[!]acl1] [[!]acl2] [...]
+# Description:
+# LogFile is a file where to log access information.
+# LogFormat is the log format to use. If ommited c-icap uses:
+# "%tl, %la %a %im %iu %is"
+# Also acls can be used to select certain requests to be logged.
+# This directive can be used more than once to specify more than
+# one access log files
+# Default:
+# AccessLog /var/log/c-icap/access.log
+# Example:
+# AccessLog /var/log/c-icap/access.log MyFormat all
+AccessLog /var/log/c-icap/access.log
+
+# TAG: Logger
+# Format: Logger LoggerName
+# Description:
+# Specify wich logger to use. By default uses the build in "file_logger" which
+# uses files for access and server logging.
+# Default:
+# Logger file_logger
+# Example:
+# Logger sys_logger
+
+# TAG: Module
+# Format: Module Type ModuleFile
+# Description:
+# Load an external module/plugin to c-icap.
+# ModuleFile is the filename of the module. If no full path given then c-icap
+# searche in path defined by the ModulesDir configuration parameter.
+# Type is the type of the external module and can be one of the following:
+# - "logger" for modules implement a logger
+# - "common" for general purpose modules
+# Default:
+#
+# Example:
+# Module logger sys_logger.so
+
+# TAG: Service
+# Format: Service aName ServiceFile
+# Description:
+# It loads the service ServiceFile. The argument aName used
+# as alias name for the service
+# Default:
+#
+# Example:
+# Service echo_service srv_echo.so
+
+# TAG: ServiceAlias
+# Format: ServiceAlias AliasName ServiceName[?param1=value1&param2=value2...]
+# Description:
+# Used to define an alias name for a service.
+# Default:
+#
+# Example:
+# ServiceAlias avscan srv_clamav?allow204=on&sizelimit=off&mode=simple
+
+
+#
+# TAG: General configuration parameters for all services
+# Description:
+# PreviewSize: The preview data size to advertise to the icap client
+# MaxConnections: The client should not use more than MaxConnections
+# for this service.
+# TransferPreview: The list of file extensions, seperated by commas,
+# for which the client should send preview data.
+# TransferIgnore: The list of file extensions that should not be sent
+# to the icap server
+# TransferComplete: The list of file extensions that should be sent
+# in their entirety, without preview, to the icap server
+# OptionsTTL: The options ttl for the service. The "sec[s]", "min" or
+# "hour[s]" can be used to secify that the time is in seconds
+# minutes or hours respectively. If no time-units given
+# seconds are assumed.
+# Allow206 on|off: Enable/disable advertise of 206 responses.
+#
+# Example:
+# echo.PreviewSize 512
+# echo.TransferIgnore gif, jpeg
+# echo.OptionsTTL 3 min
+
+
+######################################################
+# External modules comming with core c-icap server
+#
+# Module: echo
+# Description:
+# Simple test service
+# Example:
+# Service echo srv_echo.so
+Service echo srv_echo.so
+
+# Module: sys_logger
+# Description:
+# Add support for logging access and server events to syslog server
+# Use "Module" configuration parameter to load this module and "Logger"
+# to make it default logger for the c-icap.
+# Example:
+# Module logger sys_logger.so
+# Logger sys_logger
+
+
+# TAG: sys_logger.Prefix
+# Format: sys_logger.Prefix string
+# Description:
+# string is be presented in every syslog message.
+# Default:
+# sys_logger.Prefix "C-ICAP:"
+
+# TAG: sys_logger.Facility
+# Format: sys_logger.Facility daemon|user|local1|local2|local3|local4|local5|local6|local7
+# Description:
+# specifies the facility type of syslog.
+# Default:
+# sys_logger.Facility daemon
+
+# TAG: sys_logger.access_priority
+# Format: sys_logger.access_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+# determines the importance of the access log message
+# Default:
+# sys_logger.access_priority info
+
+# TAG: sys_logger.server_priority
+# Format: sys_logger.server_priority alert|crit|debug|emerg|err|info|notice|warning
+# Description:
+# determines the importance of the server log message
+# Default:
+# sys_logger.server_priority crit
+
+# TAG: sys_logger.LogFormat
+# Format: sys_logger.LogFormat LOGFORMAT
+# Description:
+# The log format to use. If no log format defined then
+# the following will be used:
+# "%la %a %im %iu %is"
+# Default:
+# None set
+# Example:
+# Logformat BasicFormat "%la %a %im %iu %is"
+# sys_logger.LogFormat BasicFormat
+
+# TAG: sys_logger.access
+# Format: sys_logger.access [!]acl1 ...
+# Description:
+# Allow selecting ICAP requests to be logged using acls.
+# By default all requests will be logged.
+# Default:
+# None set
+# Example:
+# sys_logger.access all
+
+# End module: sys_logger
+
+# Module: bdb_tables
+# Description:
+# Add support for Berkeley DB based lookup tables. The format for
+# bdb path of the lookup table is:
+# bdb:/path/to/bdb
+# Use the c-icap-mkbdb utility to build Berkeley DB c-icap lookup tables
+# Example:
+# Module common bdb_tables.so
+
+# End module: bdb_tables
+
+# Module: dnsbl_tables
+# Description:
+# Add support for dns lookup tables. Can be used to access
+# dns block lists. The dnsbl lookup table path definition is:
+# dnsbl:domainname[{param1=val, ...}]
+# dnsbl table parameters can be one or more of the followings:
+# cache=no|cache_type
+# The cache type to use or 'no' for no cache.
+# cache-size=Size[K|M]
+# The cache size in RAM
+# cache-ttl=ttl
+# The cache ttl to use
+#
+# For example the lookup table for accessing the black.uribl.com
+# dns black list is:
+# dnsbl:black.uribl.com
+# Example:
+# Module common dnsbl_tables.so
+
+# End module: dnsbl_tables
+
+# Module: ldap_module
+# Description:
+# Add LDAP support to c-icap. The user can use LDAP based lookup tables
+# using the following lookup table path:
+# ldap://[username:password@]ldapserver?base?attr1,attr2?filter[{[param=value, ...]}]
+# The filter can contain the "%s" formating code which will be replaced by
+# the search key.
+# ldap table parameters can be one or more of the followings:
+# name=aName
+# A unique name to use for this table
+# cache=no|cache_type
+# The cache type to use or no for no cache.
+# cache-size=Size[K|M]
+# The cache size in RAM
+# cache-ttl=ttl
+# The cache ttl to use
+# cache-item-size=ItemSize[K|M]
+# The maximum item size
+#
+# Examples of supported ldap urls:
+# ldap://ldap.chtsanti.net?o=chtsanti?cn,uid?uid=%s{cache=memcached}
+# ldap://cn=Directory Manager:Apassword@ldap.chtsanti.net?o=chtsanti?mermberUid?(&(objectClass=posixGroup)(cn=%s))
+#
+# WARNING: is not enough tested it may contain bugs!
+# Example:
+# Module common ldap_module.so
+
+# End module: ldap_module
+
+# Module: memcached
+# Description:
+# Add support for memcached c-icap cache.
+# Example:
+# Module common memcached.so
+
+# TAG: memcached.servers
+# Format: memcached.servers hostname1 hostname2 ...
+# Description:
+# Set the memcached servers to use
+# Default:
+# memcached.servers 127.0.0.1
+
+# TAG: memcached.use_md5_keys
+# Format: memcached.use_md5_keys on|off
+# Description:
+# Whether to use or not md5 hash as key when the key exceeds the
+# MEMCACHED_MAX_KEY (normaly 251 bytes)
+# Default:
+# memcached.use_md5_keys on
+
+# End module: memcached
+
+#Include virus_scan.conf
+#Service squidclamav squidclamav.so
diff --git a/pcr/c-icap/c-icap.service b/pcr/c-icap/c-icap.service
new file mode 100644
index 000000000..419892d59
--- /dev/null
+++ b/pcr/c-icap/c-icap.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=ICAP server implementation
+
+[Service]
+User=proxy
+Type=forking
+PIDFile=/run/c-icap/c-icap.pid
+ExecStart=/usr/bin/c-icap
+
+[Install]
+WantedBy=multi-user.target
diff --git a/pcr/c-icap/install b/pcr/c-icap/install
new file mode 100644
index 000000000..04997856e
--- /dev/null
+++ b/pcr/c-icap/install
@@ -0,0 +1,7 @@
+post_upgrade() {
+ systemd-tmpfiles --create c-icap.conf
+}
+
+post_install() {
+ post_upgrade
+}
diff --git a/pcr/c-icap/logrotate b/pcr/c-icap/logrotate
new file mode 100644
index 000000000..e84f475c7
--- /dev/null
+++ b/pcr/c-icap/logrotate
@@ -0,0 +1,9 @@
+/var/log/c-icap/*.log {
+ create 600 proxy proxy
+ sharedscripts
+ missingok
+ notifempty
+ postrotate
+ /bin/kill -HUP `cat /run/c-icap/c-icap.pid 2>/dev/null` 2> /dev/null || true
+ endscript
+}
diff --git a/pcr/c-icap/tmpfiles.d b/pcr/c-icap/tmpfiles.d
new file mode 100644
index 000000000..20ccc11f0
--- /dev/null
+++ b/pcr/c-icap/tmpfiles.d
@@ -0,0 +1 @@
+d /run/c-icap 0755 proxy proxy -