Can you please help I moved from 5.8 to 6.6 I am getting access denied for mgr
info.
Http manager is built in now right?
I can access it from the loopback
Sent from my iPhone
___
squid-users mailing list
squid-users@lists.squid-cache.org
https://lists.s
Correction I can’t access it from the loop back
Sent from my iPhone
> On Apr 5, 2024, at 22:40, Jonathan Lee wrote:
>
> Can you please help I moved from 5.8 to 6.6 I am getting access denied for
> mgr info.
>
> Http manager is built in now right?
> I can access it from the loopback
> Sent fro
Hi Jonathan,
could you share the parts of your squid configuration that relate to the
cache manager?
It's hard to help you with so little information.
On Sat, Apr 6, 2024 at 12:48 PM Jonathan Lee
wrote:
> Correction I can’t access it from the loop back
> Sent from my iPhone
>
> > On Apr 5, 202
On 2024-04-06 01:40, Jonathan Lee wrote:
Can you please help I moved from 5.8 to 6.6 I am getting access denied for mgr
info.
Http manager is built in now right?
Yes, it is and it was. No changes there.
I can access it from the loopback
Currently, you may need to figure out what hostn
On 6/04/24 18:48, Jonathan Lee wrote:
Correction I can’t access it from the loop back
From the config in the other "Squid cache questions" thread you are
only intercepting traffic on the loopback 127.0.0.1:3128 port. You
cannot access it directly on "localhost".
You do have direct proxy (an
Just to confirm
the cache_object://url scheme was removed in Squid 6.6 was it replaced with
just squid-internal-mgr???
so squidclient mgr:info
can we still use this or no?
> On Apr 6, 2024, at 20:18, Amos Jeffries wrote:
>
> On 6/04/24 18:48, Jonathan Lee wrote:
>> Correction I can’t access
On Tue, Apr 16, 2024 at 2:20 AM Jonathan Lee
wrote:
> Just to confirm
>
> the cache_object://url scheme was removed in Squid 6.6 was it replaced
> with just squid-internal-mgr???
>
Hi,
yes, that's it. In addition, squidclient is no longer built or
distributed with Squid, since any web browser
This shows access denied in 6.6 I have a password for cache_manager does that
cause any issues with accessing this new mgr directive ?
> On Apr 6, 2024, at 20:18, Amos Jeffries wrote:
>
> On 6/04/24 18:48, Jonathan Lee wrote:
>> Correction I can’t access it from the loop back
>
> From the conf
Also
squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD
squidclient -h 1287.0.0.1 mgr:info@PASSWORD
Gives the following error
Embedding a password in a cache manager command requires providing a username
with -U: mgr:info@PASSWORDHERE
> On Jul 8, 2024, at 15:13, Jonathan Lee wrote:
>
> cache
On 2024-07-08, Jonathan Lee wrote:
>
> Also=20
> squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD
> squidclient -h 1287.0.0.1 mgr:info@PASSWORD
>
> Gives the following error
>
> Embedding a password in a cache manager command requires providing a =
> username with -U: mgr:info@PASSWORDHERE
Try "
Thanks do I still append the cache manager password ?
Sent from my iPhone
> On Jul 9, 2024, at 05:47, Stuart Henderson wrote:
>
> On 2024-07-08, Jonathan Lee wrote:
>>
>> Also=20
>> squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD
>> squidclient -h 1287.0.0.1 mgr:info@PASSWORD
>>
>> Gives t
Thanks that also gave the error access denied
-Original Message-
From: squid-users On Behalf Of
Stuart Henderson
Sent: Tuesday, July 9, 2024 5:40 AM
To: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows
access denined
On 2024
On 2024-07-08, Jonathan Lee wrote:
squidclient -h 192.168.1.1:3128 mgr:info@PASSWORD squidclient -h
1287.0.0.1 mgr:info@PASSWORD
Gives the following error
Embedding a password in a cache manager command requires providing a =
username with -U: mgr:info@PASSWORDHERE
Try "/squid-internal-mgr/
That makes sense, I only had a password in the previous version, how do I add
username admin for cachemgr? I don’t have a username configured yet, I can’t
find the directive for cachemgr username
Sent from my iPhone
> On Jul 10, 2024, at 04:29, Matus UHLAR - fantomas wrote:
>
>
>>
>>> On 20
On 10.07.24 08:52, Jonathan Lee wrote:
That makes sense, I only had a password in the previous version, how do I
add username admin for cachemgr?
you don't, that's why I said "username was not important"
simply try random username
On Jul 10, 2024, at 04:29, Matus UHLAR - fantomas wrote:
I have it says denied as if it requires an entry for one to use password, again
if I remove the password the same thing happens. Weird right? Could WPAD cause
this?
Sent from my iPhone
> On Jul 10, 2024, at 09:21, Matus UHLAR - fantomas wrote:
>
> On 10.07.24 08:52, Jonathan Lee wrote:
>> Th
On 10.07.24 09:33, Jonathan Lee wrote:
To: Matus UHLAR - fantomas
please avoid personal copies.
I have it says denied as if it requires an entry for one to use password, again
if I remove the password the same thing happens. Weird right? Could WPAD cause
this?
what exactly did you run?
s
squidclient -w /squid-internal-mgr/info -u admin
squidclient -w /squid-internal-mgr/info@redacted -u admin
squidclient -w http://192.168.1.1:3128/squid-internal-mgr/info@redacted -u admin
squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info@redacted -u admin
squidclient -w http://127.0.0.1:
On 2024-07-10 12:55, Jonathan Lee wrote:
Embedding a password in a cache manager command requires providing a
username with -U
squidclient -w /squid-internal-mgr/info -u admin
squidclient -w /squid-internal-mgr/info@redacted -u admin
squidclient -w http://192.168.1.1:3128/squid-internal-mgr/i
Thanks
Sent from my iPhone
> On Jul 10, 2024, at 11:08, Alex Rousskov
> wrote:
>
> On 2024-07-10 12:55, Jonathan Lee wrote:
>
>>> Embedding a password in a cache manager command requires providing a
>>> username with -U
>
>> squidclient -w /squid-internal-mgr/info -u admin
>> squidclient -w
On 11/07/24 06:08, Alex Rousskov wrote:
On 2024-07-10 12:55, Jonathan Lee wrote:
Embedding a password in a cache manager command requires providing a
username with -U
squidclient -w /squid-internal-mgr/info -u admin
squidclient -w /squid-internal-mgr/info@redacted -u admin
squidclient -w
h
Thanks what about the password is it set with@ or -p where would I place that?
Sent from my iPhone
> On Jul 11, 2024, at 10:17, Amos Jeffries wrote:
>
>
>> On 11/07/24 06:08, Alex Rousskov wrote:
>> On 2024-07-10 12:55, Jonathan Lee wrote:
Embedding a password in a cache manager command r
Shell Output - squidclient -v -U admin -W REDACTED mgr:info
Request:
GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
Host: localhost:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close
.
HTTP/1.1 403 Forbidden
Server: squ
also
Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted mgr:info
Request:
GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
Host: 127.0.0.1:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close
.
HTTP/1.1 403 F
I use http access acl set as followed
acl getmethod method GET
acl to_ipv6 dst ipv6
acl from_ipv6 src ipv6
acl HttpAccess dstdomain "/usr/local/pkg/http.access”
/usr/local/pkg/http.access
contains:
office.com
data.microsoft.com
windowsupdate.com
dc1-st.ksn.kaspersky-labs.com
dc1-file.ksn.kasper
cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd PASSWORDREDCATED all
eui_lookup on
acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\?
acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.updat
Could this cause the issue?
acl https_login url_regex -i ^https.*(login|Login).*
cache deny https_login
> On Jul 11, 2024, at 11:12, Jonathan Lee wrote:
>
> cachemgr_passwd disable offline_toggle reconfigure shutdown
> cachemgr_passwd PASSWORDREDCATED all
> eui_lookup on
> acl no_miss url_rege
On 12/07/24 05:27, Jonathan Lee wrote:
Thanks what about the password is it set with@ or -p where would I place that?
Neither. It is set with -W .
Amos
Sent from my iPhone
On Jul 11, 2024, at 10:17, Amos Jeffries wrote:
It is very relevant. As Matus already mentioned, both -U and -W.
s
Ok I sent output prior email that shows the right path but says access denied
Sent from my iPhone
> On Jul 11, 2024, at 12:59, Amos Jeffries wrote:
>
> On 12/07/24 05:27, Jonathan Lee wrote:
>> Thanks what about the password is it set with@ or -p where would I place
>> that?
>
> Neither. It
Lets see ...
>>> On Jul 11, 2024, at 11:02, Jonathan Lee wrote:
>>> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted
>>> mgr:info
>>>
>>> Request:
>>> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
>>> Host: 127.0.0.1:3128
>>> User-Agent: squidclient/6.6
>>> A
Tested same thing..
I noticed it does have the default when I ran squid -k parse see below
I restored lines:
http_access deny !safeports
http_access deny CONNECT !sslports
http_access allow localhost manager
http_access deny manager
cachemgr_passwd disable offline_toggle reconfigure shutdown
cac
Oh, I see the problem:
http_port 127.0.0.1:3128 intercept ...
(which also means you lack a firewall rule preventing external
software like squidclient from sending traffic directly to your
intercept port.)
Please **do not** use port 3128 to receive intercepted traffic.
I recommend chan
> I recommend changing your main port to this:
>
> http_port 3128 ssl-bump
This is set to this when it processes
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-ro
Here is how it is set
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/
cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+S
On 12/07/24 11:50, Jonathan Lee wrote:
I recommend changing your main port to this:
http_port 3128 ssl-bump
This is set to this when it processes
http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on
dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem
Thanks I fixed the firewall rules, I am trying tproxy and it seems to help with
speed right now.
Sent from my iPhone
> On Jul 12, 2024, at 04:57, Amos Jeffries wrote:
>
> On 12/07/24 11:50, Jonathan Lee wrote:
>>> I recommend changing your main port to this:
>>>
>>> http_port 3128 ssl-bump
tested with removal of IP and port failed If I leave port I get this
2024/07/12 09:15:17| Processing: http_port :3128 intercept ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=20MB
cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs/ca-root-nss.crt capath=/u
Sorry that test was on the 5.8 version I am using that boot environment right
now. All others were on 6.6 does 6.6 support no IP port combo?
Sent from my iPhone
> On Jul 12, 2024, at 09:16, Jonathan Lee wrote:
>
> tested with removal of IP and port failed If I leave port I get this
>
> 2024/0
On 13/07/24 04:16, Jonathan Lee wrote:
tested with removal of IP and port failed If I leave port I get this
2024/07/12 09:15:17| Processing: http_port :3128 intercept
No ":" before thr port number.
Amos
___
squid-users mailing list
squid-users@lis
2024/07/17 21:07:37| Processing Configuration File:
/usr/local/etc/squid/squid.conf (depth 0)
2024/07/17 21:07:37| Processing: http_port 192.168.1.1:3128 ssl-bump
generate-host-certificates=on dynamic_cert_mem_cache_size=20MB
cert=/usr/local/etc/squid/serverkey.pem
cafile=/usr/local/share/certs
Same result
Shell Output - squidclient -v -h 127.0.0.1 -p 3128 -U cachemgr -W REDACTED
mgr:info
Request:
GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
Host: 127.0.0.1:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic redacted==
Connection: close
.
HTTP/1.1 403 For
Again still no status page
This is the active php code used
function squid_status() {
if (is_service_running('squid')) {
init_config_arr(array('installedpackages',
'squidcache','config'));
$proxy_ifaces = explode(",",
config_get_path('installedpackages/sq
Do I use
curl http://localhost:3128/squid-internal-mgr/info
Where would I place the password?
> On Jul 17, 2024, at 21:08, Jonathan Lee wrote:
>
> 2024/07/17 21:07:37| Processing Configuration File:
> /usr/local/etc/squid/squid.conf (depth 0)
> 2024/07/17 21:07:37| Processing: http_port 192
without password enabled
Shell Output - curl http://127.0.0.1:3128/squid-internal-mgr/info
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 -
On 17.07.24 21:12, Jonathan Lee wrote:
Shell Output - squidclient -v -h 127.0.0.1 -p 3128 -U cachemgr -W REDACTED
mgr:info
Request:
GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
Host: 127.0.0.1:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic redacted==
Connection:
On 2024-07-18 00:55, Jonathan Lee wrote:
curl http://localhost:3128/squid-internal-mgr/info
Where would I place the password?
See "man curl" or online manual pages for curl. They will point you to
two relevant options: --user and --proxy-user. AFAICT, your particular
cache manager requests
Hello, Jonathan,
> curl http://localhost:3128/squid-internal-mgr/info
> Where would I place the password?
I use the following configuration:
http_access allow localhost manager
cachemgr_passwd redacted config
The command to read the current running config is:
curl localhost:3128/squid-internal
Thanks for the info
I tried it and this also failed. Dang
Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
0
Also I have tested
curl 127.0.0.1:3128/squid-internal-mgr -u :redacted
curl localhost:3128/squid-internal-mgr -u :redacted
curl hostname_here:3128/squid-internal-mgr -u :redacted (per bug notes use
hostname in place of localhost)
and testing with no password same commands lock up the system wit
Can you try supplying a username to curl? It's also common practice to
put flags ('-u user:redacted') before arguments (the URL)
On Mon, Jul 22, 2024 at 5:12 PM Jonathan Lee wrote:
>
> Thanks for the info
>
> I tried it and this also failed. Dang
>
> Shell Output - curl localhost:3128/squid-inter
That would require a username for the cachemgr_password account right? I have
no usernames set up for this.
How does one add a username for this directive ?
> On Jul 22, 2024, at 11:13, Francesco Chemolli wrote:
>
> Can you try supplying a username to curl? It's also common practice to
> put f
Not really, no. Username is not considered, it's just to make sure
that curl sends all the data
On Mon, Jul 22, 2024 at 7:21 PM Jonathan Lee wrote:
>
> That would require a username for the cachemgr_password account right? I have
> no usernames set up for this.
>
> How does one add a username fo
Ok thanks let me boot that environment and test again, my concern is that is
looks like it is attempting it from my WAN side address that is my wan address
and not the loopback
> On Jul 22, 2024, at 11:22, Francesco Chemolli wrote:
>
> Not really, no. Username is not considered, it's just to
Tested thanks for the reply and idea access denied and tested with a firewall
rule to approve everything to port 80 same result with or without mgr_passord
configured, it is like the page is missing in Squid 6.6 or something
Shell Output - curl localhost:3128/squid-internal-mgr/info -u admin:re
Hi Jonathan,
could you try:
curl -u anything:redacted http://localhost:3128/squid-internal-mgr/menu
?
On Mon, Jul 22, 2024 at 8:52 PM Jonathan Lee wrote:
>
> Also I have tested
>
> curl 127.0.0.1:3128/squid-internal-mgr -u :redacted
> curl localhost:3128/squid-internal-mgr -u :redacted
> curl
Shell Output - curl -u anything:REDACTED
http://localhost:3128/squid-internal-mgr/menu
% Total% Received % Xferd Average Speed TimeTime Time Current
Dload Upload Total SpentLeft Speed
0 00 00 0 0 0 --:--:
Shows a miss 403 in the cache logs for it
- -
26.07.2024 10:57:01 192.168.1.5 NONE_NONE_ABORTED/200
dc1.ksn.kaspersky-labs.com:443 - -
26.07.2024 10:56:48 127.0.0.1 TCP_MISS/403
http://localhost:3128/squid-internal-mgr/menu - 127.0.0.1
26.07.2024 10:56
Does this also auto solve for IPv6 connections changing it to just
http_port 3128
https_port 3129??
> On Jul 12, 2024, at 04:57, Amos Jeffries wrote:
>
> On 12/07/24 11:50, Jonathan Lee wrote:
>>> I recommend changing your main port to this:
>>>
>>> http_port 3128 ssl-bump
>> This is s
client << " requesting '" <<
actionName << "'" );
// special case: /squid-internal-mgr/ index page
// special case: an index page
if (!strcmp(cmd->profile->name, "index")) {
ErrorState err(MGR_INDEX, Http::scOkay, request, ale);
err.url = xstrdup(e
The directive
cachemgr_passwd
does not allow the ability to add a username right?
> On Aug 1, 2024, at 12:30, Jonathan Lee wrote:
>
> client << " requesting '" <<
>actionName << "'" );
>
> // special case: /squid-internal-mgr/ index page
> // special case: an ind
https://github.com/squid-cache/squid/commit/a4e35bd8ffe51cda83e63faab79bda5a838c7e1a
Seems to want a valid username
https://github.com/squid-cache/squid/commit/3c383cc371e7ad69c533e629c6997f325aa3752d
Has squid-internal-mgr special case change to an
// special case: /squid-internal-mgr/ index
On 01.08.24 13:14, Jonathan Lee wrote:
cachemgr_passwd
does not allow the ability to add a username right?
This has been answered multiple times, but perhaps logs in the flood of
mail:
You can use any username because it is ignored.
Please, check your config once more.
Is it possible that
62 matches
Mail list logo