[squid-users] How to run squidclient
Hi all, I am running CentOS 6.6 64 bit, and need to get some information from the command line. Compiled squid as: ./configure --prefix=/home/cache --enable-follow-x-forwarded-for --with-large-files --enable-ssl --disable-ipv6 --enable-esi --enable-kill-parent-hack --enable-snmp --with-pthreads --with-filedescriptors=65535 --enable-cachemgr-hostname=hostname --enable-storeio=ufs,aufs,diskd,rock [root@ISN-PHC-Cache bin]# ./squidclient mgr:info HTTP/1.1 403 Forbidden Server: squid/3.5.2 Mime-Version: 1.0 Date: Fri, 20 Mar 2015 02:29:53 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3552 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from isn-phc-cache Via: 1.1 isn-phc-cache (squid/3.5.2) Connection: close # # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/8 # RFC1918 possible internal network acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on localhost is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_reply_access allow all http_access allow localnet http_access allow localhost # And finally deny all other access to this proxy http_access deny all # Squid normally listens to port 3128 http_port 3128 http_port 3129 intercept # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256 cache_dir ufs /home/cache/var/cache/squid 35 16 256 # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 144020% 10080 refresh_pattern ^gopher:14400% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 Thanks ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] How to run squidclient
On 21/03/2015 6:15 a.m., Monah Baki wrote: Regarding DNS lookup, if I type nslookup 10.0.0.24 or nslookup isn-phc-cache, Our nameservers in /etc/resolv.conf are google's name server Do I need to resolve first to use squidclient??? No, the squidclient resolving is done as you saw in its output and gets the right IPv4-only and 127.0.0.1. The problem will appear later when you view error messages or directory listings generated by Squid. All the icons and generated URLs will be using that isn-phc-cache as their domain. I'm not exactly sure what the problem is. Your config is pretty much default and I dont hit this on my test proxies. Please try these (mind the wrap): squidclient -j isn-phc-cache:3128 cache_object://isn-phc-cache:3128/info squidclient -j isn-phc-cache:3128 http://isn-phc-cache:3128/squid-internal-mgr/info squidclient -j isn-phc-cache:3128 http://isn-phc-cache/squid-internal-mgr/info Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] How to run squidclient
Hi Amos,
[root@ISN-PHC-Cache bin]# ./squidclient -V
Version: 3.5.2
[root@ISN-PHC-Cache bin]# ./squidclient -vv mgr:info
verbosity level set to 2
Request:
GET cache_object://localhost/info HTTP/1.0
Host: localhost
User-Agent: squidclient/3.5.2
Accept: */*
Connection: close
.
Transport detected: IPv4-only
Resolving localhost ...
Connecting... localhost (127.0.0.1:3128)
Connected to: localhost (127.0.0.1:3128)
Sending HTTP request ...
done.
HTTP/1.1 403 Forbidden
Server: squid/3.5.2
Mime-Version: 1.0
Date: Fri, 20 Mar 2015 17:29:54 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3549
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from isn-phc-cache
Via: 1.1 isn-phc-cache (squid/3.5.2)
Connection: close
!DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01//EN
http://www.w3.org/TR/html4/strict.dtd;
htmlhead
meta type=copyright content=Copyright (C) 1996-2015 The Squid Software
Foundation and contributors
meta http-equiv=Content-Type content=text/html; charset=utf-8
titleERROR: The requested URL could not be retrieved/title
style type=text/css!--
/*
* Copyright (C) 1996-2015 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
*/
/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/
/* Page basics */
* {
font-family: verdana, sans-serif;
}
html body {
margin: 0;
padding: 0;
background: #efefef;
font-size: 12px;
color: #1e1e1e;
}
/* Page displayed title area */
#titles {
margin-left: 15px;
padding: 10px;
padding-left: 100px;
background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat
left;
}
/* initial title */
#titles h1 {
color: #00;
}
#titles h2 {
color: #00;
}
/* special event: FTP success page titles */
#titles ftpsuccess {
background-color:#00ff00;
width:100%;
}
/* Page displayed body content area */
#content {
padding: 10px;
background: #ff;
}
/* General text */
p {
}
/* error brief description */
#error p {
}
/* some data which may have caused the problem */
#data {
}
/* the error message received from the system or other software */
#sysmsg {
}
pre {
font-family:sans-serif;
}
/* special event: FTP / Gopher directory listing */
#dirmsg {
font-family: courier;
color: black;
font-size: 10pt;
}
#dirlisting {
margin-left: 2%;
margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
border-bottom: groove;
}
#dirlisting td.size {
width: 50px;
text-align: right;
padding-right: 5px;
}
/* horizontal lines */
hr {
margin: 0;
}
/* page displayed footer area */
#footer {
font-size: 9px;
padding-left: 10px;
}
body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya,
sans-serif; float: right; }
:lang(he) { direction: rtl; }
--/style
/headbody id=ERR_ACCESS_DENIED
div id=titles
h1ERROR/h1
h2The requested URL could not be retrieved/h2
/div
hr
div id=content
pThe following error was encountered while trying to retrieve the URL: a
href=cache_object://localhost/infocache_object://localhost/info/a/p
blockquote id=error
pbAccess Denied./b/p
/blockquote
pAccess control configuration prevents your request from being allowed at
this time. Please contact your service provider if you feel this is
incorrect./p
pYour cache administrator is a href=mailto:webmaster
?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIEDamp;body=CacheHost%3A%20isn-phc-cache%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Fri,%2020%20Mar%202015%2017%3A29%3A54%20GMT%0D%0A%0D%0AClientIP%3A%2010.0.0.24%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Finfo%20HTTP%2F1.0%0AHost%3A%20localhost%0D%0AUser-Agent%3A%20squidclient%2F3.5.2%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0A%0D%0A%0D%0Awebmaster/a./p
br
/div
hr
div id=footer
pGenerated Fri, 20 Mar 2015 17:29:54 GMT by isn-phc-cache
(squid/3.5.2)/p
!-- ERR_ACCESS_DENIED --
/div
/body/html
On Fri, Mar 20, 2015 at 12:13 PM, Amos Jeffries squ...@treenet.co.nz
wrote:
On 20/03/2015 11:04 p.m., Monah Baki wrote:
Hi all,
I am running CentOS 6.6 64 bit, and need to get some information from the
command line.
Compiled squid as:
./configure --prefix=/home/cache --enable-follow-x-forwarded-for
--with-large-files --enable-ssl --disable-ipv6 --enable-esi
--enable-kill-parent-hack --enable-snmp --with-pthreads
--with-filedescriptors=65535 --enable-cachemgr-hostname=hostname
--enable-storeio=ufs,aufs,diskd,rock
[root@ISN-PHC-Cache bin]# ./squidclient mgr:info
HTTP/1.1 403 Forbidden
Server: squid/3.5.2
Mime-Version: 1.0
Date: Fri, 20 Mar 2015 02:29:53 GMT
Content-Type:
Re: [squid-users] How to run squidclient
Regarding DNS lookup, if I type nslookup 10.0.0.24 or nslookup
isn-phc-cache,
Our nameservers in /etc/resolv.conf are google's name server
Do I need to resolve first to use squidclient???
[root@ISN-PHC-Cache bin]# ./squidclient -vv -j isn-phc-cache mgr:info
verbosity level set to 2
Request:
GET cache_object://localhost/info HTTP/1.0
Host: isn-phc-cache
User-Agent: squidclient/3.5.2
Accept: */*
Connection: close
.
Transport detected: IPv4-only
Resolving localhost ...
Connecting... localhost (127.0.0.1:3128)
Connected to: localhost (127.0.0.1:3128)
Sending HTTP request ...
done.
HTTP/1.1 403 Forbidden
Server: squid/3.5.2
Mime-Version: 1.0
Date: Fri, 20 Mar 2015 18:11:21 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3553
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
X-Cache: MISS from isn-phc-cache
Via: 1.1 isn-phc-cache (squid/3.5.2)
Connection: close
!DOCTYPE html PUBLIC -//W3C//DTD HTML 4.01//EN
http://www.w3.org/TR/html4/strict.dtd;
htmlhead
meta type=copyright content=Copyright (C) 1996-2015 The Squid Software
Foundation and contributors
meta http-equiv=Content-Type content=text/html; charset=utf-8
titleERROR: The requested URL could not be retrieved/title
style type=text/css!--
/*
* Copyright (C) 1996-2015 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
*/
/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/
/* Page basics */
* {
font-family: verdana, sans-serif;
}
html body {
margin: 0;
padding: 0;
background: #efefef;
font-size: 12px;
color: #1e1e1e;
}
/* Page displayed title area */
#titles {
margin-left: 15px;
padding: 10px;
padding-left: 100px;
background: url('http://www.squid-cache.org/Artwork/SN.png') no-repeat
left;
}
/* initial title */
#titles h1 {
color: #00;
}
#titles h2 {
color: #00;
}
/* special event: FTP success page titles */
#titles ftpsuccess {
background-color:#00ff00;
width:100%;
}
/* Page displayed body content area */
#content {
padding: 10px;
background: #ff;
}
/* General text */
p {
}
/* error brief description */
#error p {
}
/* some data which may have caused the problem */
#data {
}
/* the error message received from the system or other software */
#sysmsg {
}
pre {
font-family:sans-serif;
}
/* special event: FTP / Gopher directory listing */
#dirmsg {
font-family: courier;
color: black;
font-size: 10pt;
}
#dirlisting {
margin-left: 2%;
margin-right: 2%;
}
#dirlisting tr.entry td.icon,td.filename,td.size,td.date {
border-bottom: groove;
}
#dirlisting td.size {
width: 50px;
text-align: right;
padding-right: 5px;
}
/* horizontal lines */
hr {
margin: 0;
}
/* page displayed footer area */
#footer {
font-size: 9px;
padding-left: 10px;
}
body
:lang(fa) { direction: rtl; font-size: 100%; font-family: Tahoma, Roya,
sans-serif; float: right; }
:lang(he) { direction: rtl; }
--/style
/headbody id=ERR_ACCESS_DENIED
div id=titles
h1ERROR/h1
h2The requested URL could not be retrieved/h2
/div
hr
div id=content
pThe following error was encountered while trying to retrieve the URL: a
href=cache_object://localhost/infocache_object://localhost/info/a/p
blockquote id=error
pbAccess Denied./b/p
/blockquote
pAccess control configuration prevents your request from being allowed at
this time. Please contact your service provider if you feel this is
incorrect./p
pYour cache administrator is a href=mailto:webmaster
?subject=CacheErrorInfo%20-%20ERR_ACCESS_DENIEDamp;body=CacheHost%3A%20isn-phc-cache%0D%0AErrPage%3A%20ERR_ACCESS_DENIED%0D%0AErr%3A%20%5Bnone%5D%0D%0ATimeStamp%3A%20Fri,%2020%20Mar%202015%2018%3A11%3A21%20GMT%0D%0A%0D%0AClientIP%3A%2010.0.0.24%0D%0A%0D%0AHTTP%20Request%3A%0D%0AGET%20%2Finfo%20HTTP%2F1.0%0AHost%3A%20isn-phc-cache%0D%0AUser-Agent%3A%20squidclient%2F3.5.2%0D%0AAccept%3A%20*%2F*%0D%0AConnection%3A%20close%0D%0A%0D%0A%0D%0Awebmaster/a./p
br
/div
hr
div id=footer
pGenerated Fri, 20 Mar 2015 18:11:21 GMT by isn-phc-cache
(squid/3.5.2)/p
!-- ERR_ACCESS_DENIED --
/div
/body/html
On Fri, Mar 20, 2015 at 1:00 PM, Amos Jeffries squ...@treenet.co.nz wrote:
Interesting.
I wonder if your Squid is resolving localhost domain name as ::1 and
rejecting it because IPv6 is disabled, therefore not permitted. Or if
its the domain name not matching the proxy name.
Try adding -j isn-phc-cache which sets the Host: header to match what
the cache thinks its public domain name is.
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
Re: [squid-users] How to run squidclient
On 20/03/2015 11:04 p.m., Monah Baki wrote: Hi all, I am running CentOS 6.6 64 bit, and need to get some information from the command line. Compiled squid as: ./configure --prefix=/home/cache --enable-follow-x-forwarded-for --with-large-files --enable-ssl --disable-ipv6 --enable-esi --enable-kill-parent-hack --enable-snmp --with-pthreads --with-filedescriptors=65535 --enable-cachemgr-hostname=hostname --enable-storeio=ufs,aufs,diskd,rock [root@ISN-PHC-Cache bin]# ./squidclient mgr:info HTTP/1.1 403 Forbidden Server: squid/3.5.2 Mime-Version: 1.0 Date: Fri, 20 Mar 2015 02:29:53 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3552 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en X-Cache: MISS from isn-phc-cache Via: 1.1 isn-phc-cache (squid/3.5.2) Connection: close Well the request is getting through to the proxy isn-phc-cache. But for some reason its being rejected. You have this: # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager So it should be allowed. You are running squidclient connecting to the default (localhost:3128) proxy server. Use -v option to get more verbose output from squidclient about what its doing. You can repeat the option several times to get more detailed debug info. The other thing to watch out for is whether ./squidclient run from that /bin directory is the 3.5.2 version or not. If its from an older version of Squid it wont have all the options the new ones do. Amos ___ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
