From 1da0a432a4f05d6dd1632d0e511d2fe01bdf0734 Mon Sep 17 00:00:00 2001
From: Ad Schellevis <ad@opnsense.org>
Date: Tue, 21 Jul 2020 23:36:46 +0200
Subject: [PATCH] Proxy: don't try to force cachemanager access to use icap
 when enabled, it's highly unlikely the icap server understands these
 requests.

Originally all http_access tags where filtered in https://github.com/opnsense/core/commit/25449ffd493835f2614cefd4fa27814bad8fac85 , it seems like a slip of the pen to wrap the cache manager as well (probably nobody uses this combination)
---
 .../templates/OPNsense/Proxy/squid.acl.conf        | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf b/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
index 6c70dc825..405d91862 100644
--- a/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
+++ b/src/opnsense/service/templates/OPNsense/Proxy/squid.acl.conf
@@ -138,20 +138,6 @@ http_access deny bannedHosts
 {% endif %}
 
 # Only allow cachemgr access from localhost
-{% if helpers.exists('OPNsense.proxy.forward.icap.enable') and OPNsense.proxy.forward.icap.enable == '1' %}
-{%   if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod allow localhost manager
-{%   endif %}
-{%   if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod allow localhost manager
-{%   endif %}
-{%   if helpers.exists('OPNsense.proxy.forward.icap.ResponseURL') %}
-adaptation_access response_mod deny manager
-{%   endif %}
-{%   if helpers.exists('OPNsense.proxy.forward.icap.RequestURL') %}
-adaptation_access request_mod deny manager
-{%   endif %}
-{% endif %}
 http_access allow localhost manager
 http_access deny manager