Re: [squid-users] GET cache_object://localhost/info on a reverse proxy setup
Oh, you are using a url rewriter..

I would do it differently.

url_rewrite_access deny manager

this way you can still use squidclient on your published URLs and have Squid react like expected on them, including URL rewrites...

On Mon, 2008-07-07 at 14:25 +0200, David Obando wrote:
> Hi,
>
> I found out, I had to configure an acl in squidGuard.conf:
>
> dbhome /var/lib/squidguard/db
> logdir /var/log/squid
>
> #
> # DESTINATION CLASSES:
> #
>
> src local {
>     ip 127.0.0.1
> }
>
> dest good {
> }
>
> dest local {
> }
>
> acl {
>     local {
>         pass all
>     }
>
>     default {
>         redirect http://localhost:8080/VirtualHostBase/http/www.xyz.de:80/VirtualHostRoot/%p
>     }
> }
>
> Thanks!
> David
>
> Henrik Nordstrom wrote on 07.07.2008 14:03:
> > On Mon, 2008-07-07 at 10:19 +0200, David Obando wrote:
> > > Hi,
> > >
> > > thanks for the hint, I added
> > >
> > > http_port 127.0.0.1:3128
> > >
> > > to my config. Now I can access port 3128 with telnet or squidclient, but
> > > receive an "access denied":
> > >
> > > /var/log/squid/access.log:
> > > 127.0.0.1 - - [07/Jul/2008:10:16:43 +0200] "GET cache_object://localhost/info HTTP/1.0" 403 1430 "-" "-" TCP_DENIED:NONE
> >
> > You probably aren't allowing localhost access to the manager functions..
> >
> > there are rules to allow this in the standard squid.conf installed when
> > you install Squid, but..
> >
> > Regards
> > Henrik
Re: [squid-users] GET cache_object://localhost/info on a reverse proxy setup
Hi,

I found out, I had to configure an acl in squidGuard.conf:

dbhome /var/lib/squidguard/db
logdir /var/log/squid

#
# DESTINATION CLASSES:
#

src local {
    ip 127.0.0.1
}

dest good {
}

dest local {
}

acl {
    local {
        pass all
    }

    default {
        redirect http://localhost:8080/VirtualHostBase/http/www.xyz.de:80/VirtualHostRoot/%p
    }
}

Thanks!
David

Henrik Nordstrom wrote on 07.07.2008 14:03:
> On Mon, 2008-07-07 at 10:19 +0200, David Obando wrote:
> > Hi,
> >
> > thanks for the hint, I added
> >
> > http_port 127.0.0.1:3128
> >
> > to my config. Now I can access port 3128 with telnet or squidclient, but
> > receive an "access denied":
> >
> > /var/log/squid/access.log:
> > 127.0.0.1 - - [07/Jul/2008:10:16:43 +0200] "GET cache_object://localhost/info HTTP/1.0" 403 1430 "-" "-" TCP_DENIED:NONE
>
> You probably aren't allowing localhost access to the manager functions..
>
> there are rules to allow this in the standard squid.conf installed when
> you install Squid, but..
>
> Regards
> Henrik

--
The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners.
gpg --keyserver pgp.mit.edu --recv-keys 1920BD87
Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87
Re: [squid-users] GET cache_object://localhost/info on a reverse proxy setup
On Mon, 2008-07-07 at 10:19 +0200, David Obando wrote:
> Hi,
>
> thanks for the hint, I added
>
> http_port 127.0.0.1:3128
>
> to my config. Now I can access port 3128 with telnet or squidclient, but
> receive an "access denied":
>
> /var/log/squid/access.log:
> 127.0.0.1 - - [07/Jul/2008:10:16:43 +0200] "GET cache_object://localhost/info HTTP/1.0" 403 1430 "-" "-" TCP_DENIED:NONE

You probably aren't allowing localhost access to the manager functions..

there are rules to allow this in the standard squid.conf installed when you install Squid, but..

Regards
Henrik
Re: [squid-users] GET cache_object://localhost/info on a reverse proxy setup
Hi,

thanks for the hint, I added

http_port 127.0.0.1:3128

to my config. Now I can access port 3128 with telnet or squidclient, but receive an "access denied":

/var/log/squid/access.log:
127.0.0.1 - - [07/Jul/2008:10:16:43 +0200] "GET cache_object://localhost/info HTTP/1.0" 403 1430 "-" "-" TCP_DENIED:NONE

Regards,
David

Henrik Nordstrom wrote on 04.07.2008 01:22:
> On Thu, 2008-07-03 at 17:01 +0200, David Obando wrote:
> > Dear all,
> >
> > I'm using Squid as a reverse proxy in a Squid/Pound/Zope/Plone-setup.
> > Squid is running on port 80.
> >
> > I would like to access the cache manager with the munin plugins to
> > monitor Squid. The plugins use an HTTP request
> > "GET cache_object://localhost/info HTTP/1.0".
> > Standard port 3128 isn't active, when asking port 80 I get a 404-error
> > from zope.
> >
> > How can I access the cache manager in such a setup?
>
> Are you sending the query to Squid, or directly to Zope?
>
> What I usually do in reverse proxy setups is to set up a normal 3128
> listening port on loopback for cachemgr and squidclient to use.
>
> http_port 127.0.0.1:3128
>
> Regards
> Henrik

--
The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners.
gpg --keyserver pgp.mit.edu --recv-keys 1920BD87
Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87
Re: [squid-users] GET cache_object://localhost/info on a reverse proxy setup
On Thu, 2008-07-03 at 17:01 +0200, David Obando wrote:
> Dear all,
>
> I'm using Squid as a reverse proxy in a Squid/Pound/Zope/Plone-setup.
> Squid is running on port 80.
>
> I would like to access the cache manager with the munin plugins to
> monitor Squid. The plugins use an HTTP request
> "GET cache_object://localhost/info HTTP/1.0".
> Standard port 3128 isn't active, when asking port 80 I get a 404-error
> from zope.
>
> How can I access the cache manager in such a setup?

Are you sending the query to Squid, or directly to Zope?

What I usually do in reverse proxy setups is to set up a normal 3128 listening port on loopback for cachemgr and squidclient to use.

http_port 127.0.0.1:3128

Regards
Henrik
[squid-users] GET cache_object://localhost/info on a reverse proxy setup
Dear all,

I'm using Squid as a reverse proxy in a Squid/Pound/Zope/Plone-setup. Squid is running on port 80.

I would like to access the cache manager with the munin plugins to monitor Squid. The plugins use an HTTP request "GET cache_object://localhost/info HTTP/1.0".
Standard port 3128 isn't active, when asking port 80 I get a 404-error from zope.

How can I access the cache manager in such a setup?

My squid.conf is:

hierarchy_stoplist cgi-bin ?
#acl QUERY urlpath_regex cgi-bin \?
#no_cache deny QUERY

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

refresh_pattern (/cgi-bin/|\?) 0 0% 0
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# Basic ACLs
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/32
acl ssl_ports port 443 563
acl safe_ports port 8080 80 443
#acl zope_servers src 127.0.0.2 127.0.0.1
acl manager proto cache_object
acl connect method connect

# deny requests to unknown ports
http_access deny !safe_ports

acl accelerated_protocols proto http https
acl accelerated_domains dstdomain lb.xxx.de
acl accelerated_domains dstdomain lb1.xxx.de
acl accelerated_domains dstdomain lb2.xxx.de
acl accelerated_domains dstdomain xxx.de
acl accelerated_domains dstdomain www.xxx.de
acl accelerated_ports myport 80 443
http_access allow accelerated_domains accelerated_ports accelerated_protocols

# Purge access - zope servers can purge but nobody else
acl purge method PURGE
#http_access allow zope_servers purge
http_access deny purge

# Reply access
http_reply_access allow all

# Cache manager setup - cache manager can only connect from localhost
# only allow cache manager access from localhost
http_access allow manager localhost
http_access deny manager

# deny connect to other than ssl ports
http_access deny connect !ssl_ports

# ICP access - anybody can access icp methods
icp_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

coredump_dir /usr/local/squid/cache
http_port 80 defaultsite=www.xxx.de
#http_port 80 defaultsite=lb.xxx.de
#http_port 80
cache_peer 127.0.0.1 parent 8080 0 no-query originserver
#cache_peer 127.0.0.1 parent 8080 0 no-query originserver round-robin
#cache_peer 127.0.0.1 parent 8080 0 no-query
visible_hostname www.xxx.de
cache_mem 2000 MB
maximum_object_size 40960 KB
maximum_object_size_in_memory 100 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
cache_dir aufs /var/spool/squid 1 16 256
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
#redirect_program /etc/squid/redirector.pl
negative_ttl 0 minutes
positive_dns_ttl 60 minutes
negative_dns_ttl 1 minutes

Thanks for your support,
David

--
The day microsoft makes something that doesn't suck is the day they start making vacuum cleaners.
gpg --keyserver pgp.mit.edu --recv-keys 1920BD87
Key fingerprint = 3326 32CE 888B DFF1 DED3 B8D2 105F 29CB 1920 BD87
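
Added example, not part of the original thread: a small audit of access.log in the "combined" format configured above, listing every cache_object:// request and whether it came from loopback and whether Squid denied it, to check the "cache manager only from localhost" rules. The severity labels, function names and all sample lines except the first (which is the entry quoted in the thread) are constructed for illustration.

```python
import ipaddress
import re

# Field order of the thread's "combined" logformat:
# client ident user [time] "method url HTTP/ver" status bytes "referer" "agent" Ss:Sh
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?:\d+|-) "[^"]*" "[^"]*" (?P<result>\S+)$'
)

# First line is the entry quoted in the thread; the rest are constructed samples.
SAMPLE_LOG = [
    '127.0.0.1 - - [07/Jul/2008:10:16:43 +0200] "GET cache_object://localhost/info HTTP/1.0" 403 1430 "-" "-" TCP_DENIED:NONE',
    '127.0.0.1 - - [07/Jul/2008:14:30:02 +0200] "GET cache_object://localhost/info HTTP/1.0" 200 3120 "-" "-" TCP_MISS:NONE',
    '203.0.113.7 - - [07/Jul/2008:14:31:10 +0200] "GET cache_object://www.xxx.de/info HTTP/1.0" 403 1430 "-" "-" TCP_DENIED:NONE',
    '203.0.113.7 - - [07/Jul/2008:14:31:12 +0200] "GET cache_object://www.xxx.de/info HTTP/1.0" 200 3120 "-" "-" TCP_MISS:NONE',
    '198.51.100.4 - - [07/Jul/2008:14:32:00 +0200] "GET http://www.xxx.de/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0" TCP_HIT:NONE',
]


def classify(client, result):
    """Severity label for one cache manager request (labels are this example's own)."""
    try:
        loopback = ipaddress.ip_address(client).is_loopback
    except ValueError:
        loopback = False  # unparsable client field: treat as non-local
    denied = result.startswith("TCP_DENIED")
    if loopback:
        # local-denied is the situation from the thread: monitoring is blocked
        return "local-denied" if denied else "local-ok"
    # remote-allowed means the manager ACLs are not restricting access
    return "remote-denied" if denied else "remote-allowed"


def audit_manager_requests(lines):
    """Return (severity, client, url, status) for every cache_object:// request."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["url"].lower().startswith("cache_object://"):
            findings.append((classify(m["client"], m["result"]),
                             m["client"], m["url"], int(m["status"])))
    return findings


if __name__ == "__main__":
    for finding in audit_manager_requests(SAMPLE_LOG):
        print(*finding)
```

Any "remote-allowed" finding means the `http_access allow manager localhost` / `http_access deny manager` pair is missing or placed after a broader allow rule.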