[squid-users] How to run squidclient
Hi all, I am running CentOS 6.6 64 bit, and need to get some information from the command line. Compiled squid as: ./configure --prefix=/home/cache --enable-follow-x-forwarded-for --with-large-files --enable-ssl --disable-ipv6 --enable-esi --enable-kill-parent-hack --enable-snmp --with-pthreads --with-filedescriptors=65535 --enable-cachemgr-hostname=hostname --enable-storeio=ufs,aufs,diskd,rock [root@ISN-PHC-Cache bin]# ./squidclient mgr:info HTTP/1.1 403 Forbidden Server: squid/3.5.2 Mime-Version: 1.0 Date: Fri, 20 Mar 2015 02:29:53 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3552 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from isn-phc-cache Via: 1.1 isn-phc-cache (squid/3.5.2) Connection: close # # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on localhost is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_reply_access allow all http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 3128 http_port 3129 intercept # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256 cache_dir ufs /home/cache/var/cache/squid 35 16 256 # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 Thanks ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] How to run squidclient
On 21/03/2015 6:15 a.m., Monah Baki wrote: Regarding DNS lookup, if I type nslookup 10.0.0.24 or nslookup isn-phc-cache, Our nameservers in /etc/resolv.conf are google's name server Do I need to resolve first to use squidclient??? No, the squidclient resolving is done as you saw in its output and gets the right IPv4-only and 127.0.0.1. The problem will appear later when you view error messages or directory listings generated by Squid. All the icons and generated URLs will be using that isn-phc-cache as their domain. I'm not exactly sure what the problem is. Your config is pretty much default and I dont hit this on my test proxies. Please try these (mind the wrap): squidclient -j isn-phc-cache:3128 cache_object://isn-phc-cache:3128/info squidclient -j isn-phc-cache:3128 http://isn-phc-cache:3128/squid-internal-mgr/info squidclient -j isn-phc-cache:3128 http://isn-phc-cache/squid-internal-mgr/info Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] How to run squidclient
Hi Amos, [root@ISN-PHC-Cache bin]# ./squidclient -V Version: 3.5.2 [root@ISN-PHC-Cache bin]# ./squidclient -vv mgr:info verbosity level set to 2 Request: GET cache_object://localhost/info HTTP/1.0 Host: localhost User-Agent: squidclient/3.5.2 Accept: */* Connection: close . Transport detected: IPv4-only Resolving localhost ... Connecting... localhost (127.0.0.1:3128) Connected to: localhost (127.0.0.1:3128) Sending HTTP request ... done. HTTP/1.1 403 Forbidden Server: squid/3.5.2 Mime-Version: 1.0 Date: Fri, 20 Mar 2015 17:29:54 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3549 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from isn-phc-cache Via: 1.1 isn-phc-cache (squid/3.5.2) Connection: close !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; htmlhead meta type=copyright content=Copyright (C) 1996-2015 The Squid Software Foundation and contributors meta http-equiv=Content-Type content=text/html; charset=utf-8 titleERROR: The requested URL could not be retrieved/title style type=text/css!-- /* * Copyright (C) 1996-2015 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. */ /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License */ /* Page basics */ * { font-family: verdana, sans-serif; } html body { margin: 0; padding: 0; background: #efefef; font-size: 12px; color: #1e1e1e; } /* Page displayed title area */ #titles { margin-left: 15px; padding: 10px; padding-left: 100px; background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left; } /* initial title */ #titles h1 { color: #00; } #titles h2 { color: #00; } /* special event: FTP success page titles */ #titles ftpsuccess { background-color:#00ff00; width:100%; } /* Page displayed body content area */ #content { padding: 10px; background: #ff; } /* General text */ p { } /* error brief description */ #error p { } /* some data which may have caused the problem */ #data { } /* the error message received from the system or other software */ #sysmsg { } pre { font-family:sans-serif; } /* special event: FTP / Gopher directory listing */ #dirmsg { font-family: courier; color: black; font-size: 10pt; } #dirlisting { margin-left: 2%; margin-right: 2%; } #dirlisting tr.entry td.icon,td.filename,td.size,td.date { border-bottom: groove; } #dirlisting td.size { width: 50px; text-align: right; padding-right: 5px; } /* horizontal lines */ hr { margin: 0; } /* page displayed footer area */ #footer { font-size: 9px; padding-left: 10px; } body :lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; } :lang(he) { direction: rtl; } --/style /headbody id=ERR_ACCESS_DENIED div id=titles h1ERROR/h1 h2The requested URL could not be retrieved/h2 /div hr div id=content pThe following error was encountered while trying to retrieve the URL: a href=cache_object://localhost/infocache_object://localhost/info/a/p blockquote id=error pbAccess Denied./b/p /blockquote pAccess control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect./p pYour cache administrator is a href=mailto:webmaster ?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIEDamp;body=CacheHost%3A%20isn-phc-cache%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Fri,%2020%20Mar%202015%2017%3A29%3A54%20GMT%0D%0A%0D%0AClientIP%3A%2010.0.0.24%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Finfo%20HTTP%2F1.0%0AHost%3A%20localhost%0D%0AUser-Agent%3A%20squidclient%2F3.5.2%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0A%0D%0A%0D%0Awebmaster/a./p br /div hr div id=footer pGenerated Fri, 20 Mar 2015 17:29:54 GMT by isn-phc-cache (squid/3.5.2)/p !-- ERR_ACCESS_DENIED -- /div /body/html On Fri, Mar 20, 2015 at 12:13 PM, Amos Jeffries squ...@treenet.co.nz wrote: On 20/03/2015 11:04 p.m., Monah Baki wrote: Hi all, I am running CentOS 6.6 64 bit, and need to get some information from the command line. Compiled squid as: ./configure --prefix=/home/cache --enable-follow-x-forwarded-for --with-large-files --enable-ssl --disable-ipv6 --enable-esi --enable-kill-parent-hack --enable-snmp --with-pthreads --with-filedescriptors=65535 --enable-cachemgr-hostname=hostname --enable-storeio=ufs,aufs,diskd,rock [root@ISN-PHC-Cache bin]# ./squidclient mgr:info HTTP/1.1 403 Forbidden Server: squid/3.5.2 Mime-Version: 1.0 Date: Fri, 20 Mar 2015 02:29:53 GMT Content-Type:
Re: [squid-users] How to run squidclient
Regarding DNS lookup, if I type nslookup 10.0.0.24 or nslookup isn-phc-cache, Our nameservers in /etc/resolv.conf are google's name server Do I need to resolve first to use squidclient??? [root@ISN-PHC-Cache bin]# ./squidclient -vv -j isn-phc-cache mgr:info verbosity level set to 2 Request: GET cache_object://localhost/info HTTP/1.0 Host: isn-phc-cache User-Agent: squidclient/3.5.2 Accept: */* Connection: close . Transport detected: IPv4-only Resolving localhost ... Connecting... localhost (127.0.0.1:3128) Connected to: localhost (127.0.0.1:3128) Sending HTTP request ... done. HTTP/1.1 403 Forbidden Server: squid/3.5.2 Mime-Version: 1.0 Date: Fri, 20 Mar 2015 18:11:21 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3553 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from isn-phc-cache Via: 1.1 isn-phc-cache (squid/3.5.2) Connection: close !DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01//EN http://www.w3.org/TR/html4/strict.dtd; htmlhead meta type=copyright content=Copyright (C) 1996-2015 The Squid Software Foundation and contributors meta http-equiv=Content-Type content=text/html; charset=utf-8 titleERROR: The requested URL could not be retrieved/title style type=text/css!-- /* * Copyright (C) 1996-2015 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. */ /* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License */ /* Page basics */ * { font-family: verdana, sans-serif; } html body { margin: 0; padding: 0; background: #efefef; font-size: 12px; color: #1e1e1e; } /* Page displayed title area */ #titles { margin-left: 15px; padding: 10px; padding-left: 100px; background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat left; } /* initial title */ #titles h1 { color: #00; } #titles h2 { color: #00; } /* special event: FTP success page titles */ #titles ftpsuccess { background-color:#00ff00; width:100%; } /* Page displayed body content area */ #content { padding: 10px; background: #ff; } /* General text */ p { } /* error brief description */ #error p { } /* some data which may have caused the problem */ #data { } /* the error message received from the system or other software */ #sysmsg { } pre { font-family:sans-serif; } /* special event: FTP / Gopher directory listing */ #dirmsg { font-family: courier; color: black; font-size: 10pt; } #dirlisting { margin-left: 2%; margin-right: 2%; } #dirlisting tr.entry td.icon,td.filename,td.size,td.date { border-bottom: groove; } #dirlisting td.size { width: 50px; text-align: right; padding-right: 5px; } /* horizontal lines */ hr { margin: 0; } /* page displayed footer area */ #footer { font-size: 9px; padding-left: 10px; } body :lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya, sans-serif; float: right; } :lang(he) { direction: rtl; } --/style /headbody id=ERR_ACCESS_DENIED div id=titles h1ERROR/h1 h2The requested URL could not be retrieved/h2 /div hr div id=content pThe following error was encountered while trying to retrieve the URL: a href=cache_object://localhost/infocache_object://localhost/info/a/p blockquote id=error pbAccess Denied./b/p /blockquote pAccess control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect./p pYour cache administrator is a href=mailto:webmaster ?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIEDamp;body=CacheHost%3A%20isn-phc-cache%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Fri,%2020%20Mar%202015%2018%3A11%3A21%20GMT%0D%0A%0D%0AClientIP%3A%2010.0.0.24%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Finfo%20HTTP%2F1.0%0AHost%3A%20isn-phc-cache%0D%0AUser-Agent%3A%20squidclient%2F3.5.2%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0A%0D%0A%0D%0Awebmaster/a./p br /div hr div id=footer pGenerated Fri, 20 Mar 2015 18:11:21 GMT by isn-phc-cache (squid/3.5.2)/p !-- ERR_ACCESS_DENIED -- /div /body/html On Fri, Mar 20, 2015 at 1:00 PM, Amos Jeffries squ...@treenet.co.nz wrote: Interesting. I wonder if your Squid is resolving localhost domain name as ::1 and rejecting it because IPv6 is disabled, therefore not permitted. Or if its the domain name not matching the proxy name. Try adding -j isn-phc-cache which sets the Host: header to match what the cache thinks its public domain name is. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] How to run squidclient
On 20/03/2015 11:04 p.m., Monah Baki wrote: Hi all, I am running CentOS 6.6 64 bit, and need to get some information from the command line. Compiled squid as: ./configure --prefix=/home/cache --enable-follow-x-forwarded-for --with-large-files --enable-ssl --disable-ipv6 --enable-esi --enable-kill-parent-hack --enable-snmp --with-pthreads --with-filedescriptors=65535 --enable-cachemgr-hostname=hostname --enable-storeio=ufs,aufs,diskd,rock [root@ISN-PHC-Cache bin]# ./squidclient mgr:info HTTP/1.1 403 Forbidden Server: squid/3.5.2 Mime-Version: 1.0 Date: Fri, 20 Mar 2015 02:29:53 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3552 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from isn-phc-cache Via: 1.1 isn-phc-cache (squid/3.5.2) Connection: close Well the request is getting through to the proxy isn-phc-cache. But for some reason its being rejected. You have this: # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager So it should be allowed. You are running squidclient connecting to the default (localhost:3128) proxy server. Use -v option to get more verbose output from squidclient about what its doing. You can repeat the option several times to get more detailed debug info. The other thing to watch out for is whether ./squidclient run from that /bin directory is the 3.5.2 version or not. If its from an older version of Squid it wont have all the options the new ones do. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users