Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
On 24/10/2016 9:34 p.m., Михаил wrote: > Hi! > Could you write me if you had managed to emulate the problem that I have? > Best regards, Misha. I have not been able to replicate it here. I think I remember seeing it a few years back, but not recently and trying last week my Squid worked okay. I was suspicious that the ::1 was being resolved. But your -vv output shows it is finding 127.0.0.1 just fine. Something in the proxy is denying the transaction, but your config looks like it should be allowed through without any problem. As a wild guess; try commenting out the ::1 entry in your /etc/hosts file. Squid loads that file into its internal DNS cache and maybe the entry is causing an issue on the Squid side of things. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
Hi!Could you write me if you had managed to emulate the problem that I have? Best regards, Misha. 14.10.2016, 18:51, "Михаил" :Hi.Ready. # squidclient -vv mgr:info | head -n 40stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters.verbosity level set to 2Request:GET cache_object://localhost/info HTTP/1.0Host: localhostUser-Agent: squidclient/3.5.21Accept: */*Connection: close .Transport detected: IPv4-onlyResolving localhost ...Connecting... localhost (127.0.0.1:3128)Connected to: localhost (127.0.0.1:3128)Sending HTTP request ...done.HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Fri, 14 Oct 2016 10:46:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 3676X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from uis-proxy-rop.office.ipe.corpVia: 1.1 uis-proxy-rop.office.ipe.corp (squid)Connection: close ОШИБКА: Запрошенный URL не может быть получен
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
Hi.Ready. # squidclient -vv mgr:info | head -n 40stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters.verbosity level set to 2Request:GET cache_object://localhost/info HTTP/1.0Host: localhostUser-Agent: squidclient/3.5.21Accept: */*Connection: close .Transport detected: IPv4-onlyResolving localhost ...Connecting... localhost (127.0.0.1:3128)Connected to: localhost (127.0.0.1:3128)Sending HTTP request ...done.HTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Fri, 14 Oct 2016 10:46:56 GMTContent-Type: text/html;charset=utf-8Content-Length: 3676X-Squid-Error: ERR_ACCESS_DENIED 0X-Cache: MISS from uis-proxy-rop.office.ipe.corpVia: 1.1 uis-proxy-rop.office.ipe.corp (squid)Connection: close ОШИБКА: Запрошенный URL не может быть получен
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
Please run this command: squidclient -vv mgr:info | head -n 40 Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
Hi.Yes, you are sure. Squid was build with parameter '--disable-ipv6'. Below you could see the full list of compile options: # squid -vSquid Cache: Version 3.5.21Service Name: squidconfigure options: '--prefix=/usr' '--with-logdir=/var/log/squid/' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--sysconfdir=/etc/squid' '--with-default-user=squid' '--disable-ipv6' '--with-filedescriptors=32768' '--enable-default-err-language=Russian' '--enable-err-languages=Russian' '--enable-delay-pools' --enable-ltdl-convenience Also you could see my hosts-file and configuration file (Thanks Antony Stone for interesting command!): # more /etc/hosts127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4::1 localhost localhost.localdomain localhost6 localhost6.localdomain6192.168.177.98 uis-proxy-rop.office.***.corp uis-proxy-rop UIS-PROXY-ROP # grep ^[^#] /etc/squid/squid.confvisible_hostname uis-proxy-rop.office.***.corphttpd_suppress_version_string oncache_mgr admins@usk.***.ruerror_directory /usr/share/errors/rumax_filedesc 32768access_log daemon:/var/log/squid/access.log squidcache_log /var/log/squid/cache.loghttp_port 3128cache deny allcoredump_dir /var/cache/squidauth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=OFFICE --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/uis-proxy-rop.office.***.corp@OFFICE.***.CORPauth_param negotiate children 500 startup=250 idle=50auth_param negotiate keep_alive onauth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=OFFICEauth_param ntlm children 80 startup=55 idle=25auth_param ntlm keep_alive onauth_param basic program /usr/lib/squid/basic_ldap_auth -R -D squidreader@office.***.corp -w *** -b "DC=office,DC=***,DC=corp" -f "sAMAccountName=%s" -H ldap://UISDC3.office.***.corp -Z -dauth_param basic children 40 startup=15 idle=10auth_param basic realm Squid proxy-caching web serverauth_param basic credentialsttl 2 hoursauth_param basic casesensitive offexternal_acl_type memberof children-max=500 children-startup=250 %LOGIN /usr/lib/squid/ext_ldap_group_acl -R -K -b "dc=office,dc=***,dc=corp" -D squidreader@office.***.corp -w Qq123456 -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=internet,ou=Универсальные_группы,ou=groups,ou=lpk,dc=office,dc=***,dc=corp))" -H ldap://UISDC3.office.***.corp -Zacl auth proxy_auth REQUIREDacl FullAccess external memberof Proxy-access-enable-fullacl SupportAccess external memberof Proxy-access-enable-supportacl UsersAccess external memberof Proxy-access-enable-usersacl JobSearchAccess external memberof Proxy-access-enable-job-searchacl MailAccess external memberof Proxy-access-enable-mailacl PRMAccess external memberof Proxy-access-enable-PRMacl unauthorized-elite src "/etc/squid/unauthorized-elite.list"acl unauthorized src "/etc/squid/unauthorized.list"acl local_domains dstdomain "/etc/squid/local_domains.list"acl local_network dst 10.0.0.0/8 # RFC1918 possible internal networkacl local_network dst 172.16.0.0/12 # RFC1918 possible internal networkacl local_network dst 192.168.0.0/16 # RFC1918 possible internal networkacl servers_network src 192.168.177.0/24 192.168.180.0/24deny_info Error_Terminal.html servers_networkacl Passport_quality url_regex 82.200.22.53/*acl SKAUT_ADDR dst 193.33.232.232 217.148.217.170acl SKAUT_PORT port 22424-22436 81acl VED-declarant_DOMAIN dstdomain .ed2inteh.ctm.ru .nposapfir.ruacl AutoGraph_DOMAIN dstdomain .m.tk-chel.ruacl UIS-AUDITMODERN_ADDR src 192.168.177.40acl clicksys_ru_ADDR dstdomain clicksys.ruacl miflib_ru_DOMAIN dstdomain .***.miflib.ruacl education_PRM_DOMAIN dstdomain .***.ispringonline.comacl webmail_domains dstdomain "/etc/squid/banlist/webmail_domains.list"acl webmail_urls url_regex "/etc/squid/banlist/webmail_urls.list"acl mail_domains dstdomain "/etc/squid/banlist/mail_domains.list"acl mail_urls url_regex "/etc/squid/banlist/mail_urls.list"deny_info Error_Webmail.html webmail_domains webmail_urls mail_domains mail_urlsacl jobsearch_domains dstdomain "/etc/squid/banlist/jobsearch_domains.list"deny_info Error_Job.html jobsearch_domainsacl remote dstdomain "/etc/squid/banlist/remote.list"deny_info Error_Remote.html remoteacl vari dstdomain "/etc/squid/banlist/vari.list"deny_info Error_Vari.html variacl porno dstdomain "/etc/squid/banlist/porno.list"deny_info Error_Vari.html pornodeny_info Error_Users.html allhttp_access allow localhost managerhttp_access deny managerhttp_access allow local_domainshttp_access allow local_networkhttp_access allow unauthorized-elitehttp_access allow Passport_qualityhttp_access allow SKAUT_ADDR SKAUT_PORThttp_access allow VED-declarant_DOMAINhttp_access allow AutoGraph_DOMAINhttp_access allow UIS-AUDITMODERN_ADDR clicksys_ru_ADDRhttp_access allow miflib_ru_DOMAINhttp_access deny un
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
On Tuesday 11 October 2016 at 12:31:03, Jorgeley Junior wrote: > I think it could be the sequence of the rules, do this command and post the > results: > grep . /etc/squid-your-version/squid.conf | > grep -v "#" This can be collapsed down to: grep "^[^#]" /etc/squid-your-version/squid.conf That regex matches any character other than # at the start of a line. Empty lines don't count, because there is no character at the start of the line. Antony. > 2016-10-11 3:59 GMT-03:00 Amos Jeffries : > > On 11/10/2016 4:54 p.m., Михаил wrote: > > > I check version of squid 3.5.21 with my configuration and I faced with > > > a problem. Early I used in version 3.5.12 this line for connect > > > localhost, > > > > but now > > > > > it doesn't work. > > > > Order is important. Where you place the rules in squid.conf matters a > > lot with regards to whether they are actually useful and do what you > > want, or not. > > > > > # squid.conf > > > ... > > > http_access allow localhost manager > > > http_access deny manager > > > ... > > > # squidclient -p 3128 -h localhost mgr:info > > > HTTP/1.1 403 Forbidden > > > Server: squid > > > Mime-Version: 1.0 > > > Date: Tue, 11 Oct 2016 03:42:54 GMT > > > ... > > > > > > If I set a full access I could connect to localhost. > > > > > > > > > # squid.conf > > > ... > > > http_access allow all > > > http_access deny manager > > > ... > > > > So what IP address(es) does 'localhost' resolve to? > > > > > # squidclient -p 3128 -h localhost mgr:info > > > stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by > > > build parameters. > > > > I know you said in a followup to ignore this. But it may be important. > > > > It shows that squidclient was built with --disable-ipv6, and yet your > > system is IPv6-enabled. > > > > The name "localhost" for IPv6-enabled systems is ::1. > > > > A squid binary that is built with --disable-ipv6 will not permit ::1 > > since it is non-IP4. But it will be recognized as part of "all" IP space. > > > > > HTTP/1.1 200 OK > > > Server: squid > > > Mime-Version: 1.0 > > > Date: Tue, 11 Oct 2016 03:47:36 GMT > > > ... > > > What is happend? And what is the right way to connect to > > > > cache_management from > > > > > localhost? > > > > squidclient defaults to localhost and port 3128 for management access to > > > > Squid. Just use: > > squidclient mgr:info > > > > Amos > > > > ___ > > squid-users mailing list > > squid-users@lists.squid-cache.org > > http://lists.squid-cache.org/listinfo/squid-users > > -- -- There's no such thing as bad weather - only the wrong clothes. - Billy Connolly Please reply to the list; please *don't* CC me. ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
I think it could be the sequence of the rules, do this command and post the results: grep . /etc/squid-your-version/squid.conf | grep -v "#" 2016-10-11 3:59 GMT-03:00 Amos Jeffries : > On 11/10/2016 4:54 p.m., Михаил wrote: > > I check version of squid 3.5.21 with my configuration and I faced with a > > problem. Early I used in version 3.5.12 this line for connect localhost, > but now > > it doesn't work. > > Order is important. Where you place the rules in squid.conf matters a > lot with regards to whether they are actually useful and do what you > want, or not. > > > # squid.conf > > ... > > http_access allow localhost manager > > http_access deny manager > > ... > > # squidclient -p 3128 -h localhost mgr:info > > HTTP/1.1 403 Forbidden > > Server: squid > > Mime-Version: 1.0 > > Date: Tue, 11 Oct 2016 03:42:54 GMT > > ... > > > If I set a full access I could connect to localhost. > > > > # squid.conf > > ... > > http_access allow all > > http_access deny manager > > ... > > > So what IP address(es) does 'localhost' resolve to? > > > # squidclient -p 3128 -h localhost mgr:info > > stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build > > parameters. > > I know you said in a followup to ignore this. But it may be important. > > It shows that squidclient was built with --disable-ipv6, and yet your > system is IPv6-enabled. > > The name "localhost" for IPv6-enabled systems is ::1. > > A squid binary that is built with --disable-ipv6 will not permit ::1 > since it is non-IP4. But it will be recognized as part of "all" IP space. > > > > HTTP/1.1 200 OK > > Server: squid > > Mime-Version: 1.0 > > Date: Tue, 11 Oct 2016 03:47:36 GMT > > ... > > What is happend? And what is the right way to connect to > cache_management from > > localhost? > > squidclient defaults to localhost and port 3128 for management access to > Squid. Just use: > > squidclient mgr:info > > Amos > > ___ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users > -- ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
On 11/10/2016 4:54 p.m., Михаил wrote: > I check version of squid 3.5.21 with my configuration and I faced with a > problem. Early I used in version 3.5.12 this line for connect localhost, but > now > it doesn't work. Order is important. Where you place the rules in squid.conf matters a lot with regards to whether they are actually useful and do what you want, or not. > # squid.conf > ... > http_access allow localhost manager > http_access deny manager > ... > # squidclient -p 3128 -h localhost mgr:info > HTTP/1.1 403 Forbidden > Server: squid > Mime-Version: 1.0 > Date: Tue, 11 Oct 2016 03:42:54 GMT > ... > If I set a full access I could connect to localhost. > # squid.conf > ... > http_access allow all > http_access deny manager > ... So what IP address(es) does 'localhost' resolve to? > # squidclient -p 3128 -h localhost mgr:info > stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build > parameters. I know you said in a followup to ignore this. But it may be important. It shows that squidclient was built with --disable-ipv6, and yet your system is IPv6-enabled. The name "localhost" for IPv6-enabled systems is ::1. A squid binary that is built with --disable-ipv6 will not permit ::1 since it is non-IP4. But it will be recognized as part of "all" IP space. > HTTP/1.1 200 OK > Server: squid > Mime-Version: 1.0 > Date: Tue, 11 Oct 2016 03:47:36 GMT > ... > What is happend? And what is the right way to connect to cache_management > from > localhost? squidclient defaults to localhost and port 3128 for management access to Squid. Just use: squidclient mgr:info Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] ERROR: Cannot connect to 127.0.0.1:3128
Hi! Please don't pay attention on this line. :)stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters. Best regards, Misha. 11.10.2016, 11:55, "Михаил" :I check version of squid 3.5.21 with my configuration and I faced with a problem. Early I used in version 3.5.12 this line for connect localhost, but now it doesn't work.# squid.conf...http_access allow localhost managerhttp_access deny manager... # squidclient -p 3128 -h localhost mgr:infoHTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 11 Oct 2016 03:42:54 GMT... If I set a full access I could connect to localhost.# squid.conf...http_access allow allhttp_access deny manager... # squidclient -p 3128 -h localhost mgr:infoHTTP/1.1 200 OKServer: squidMime-Version: 1.0Date: Tue, 11 Oct 2016 03:47:36 GMT... What is happend? And what is the right way to connect to cache_management from localhost? Best regards, Misha.,___squid-users mailing listsquid-users@lists.squid-cache.orghttp://lists.squid-cache.org/listinfo/squid-users___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
[squid-users] ERROR: Cannot connect to 127.0.0.1:3128
I check version of squid 3.5.21 with my configuration and I faced with a problem. Early I used in version 3.5.12 this line for connect localhost, but now it doesn't work.# squid.conf...http_access allow localhost managerhttp_access deny manager... # squidclient -p 3128 -h localhost mgr:infoHTTP/1.1 403 ForbiddenServer: squidMime-Version: 1.0Date: Tue, 11 Oct 2016 03:42:54 GMT... If I set a full access I could connect to localhost.# squid.conf...http_access allow allhttp_access deny manager... # squidclient -p 3128 -h localhost mgr:infostub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters.HTTP/1.1 200 OKServer: squidMime-Version: 1.0Date: Tue, 11 Oct 2016 03:47:36 GMT... What is happend? And what is the right way to connect to cache_management from localhost? Best regards, Misha.___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
