Tested same thing.. I noticed it does have the default when I ran squid -k parse see below
I restored lines: http_access deny !safeports http_access deny CONNECT !sslports http_access allow localhost manager http_access deny manager cachemgr_passwd disable offline_toggle reconfigure shutdown cachemgr_passwd redacted password all eui_lookup on acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\? acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat acl CONNECT method CONNECT acl wuCONNECT dstdomain www.update.microsoft.com acl wuCONNECT dstdomain sls.microsoft.com http_access allow CONNECT wuCONNECT localnet http_access allow CONNECT wuCONNECT localhost http_access allow windowsupdate localnet http_access allow windowsupdate localhost http_access allow HttpAccess localnet http_access allow HttpAccess localhost http_access deny manager http_access deny to_ipv6 http_access deny from_ipv6 acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken" acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch sslproxy_cert_error deny all acl splice_only src 192.168.1.8 #Tasha iPhone acl splice_only src 192.168.1.10 #Jon iPhone acl splice_only src 192.168.1.11 #Amazon Fire acl splice_only src 192.168.1.15 #Tasha HP acl splice_only src 192.168.1.16 #iPad acl splice_only_mac arp redactedmac acl splice_only_mac arp redactedmac acl splice_only_mac arp redactedmac acl splice_only_mac arp redactedmac acl splice_only_mac arp redactedmac acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump" acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump" acl markBumped annotate_client bumped=true acl active_use annotate_client active=true acl bump_only src 192.168.1.3 #webtv acl bump_only src 192.168.1.4 #toshiba acl bump_only src 192.168.1.5 #imac acl bump_only src 192.168.1.9 #macbook acl bump_only src 192.168.1.13 #dell acl bump_only_mac arp redactedmac acl bump_only_mac arp redactedmac acl bump_only_mac arp redactedmac acl bump_only_mac arp redactedmac acl bump_only_mac arp redactedmac sslproxy_cert_sign signTrusted bump_only_mac ssl_bump peek step1 miss_access deny no_miss active_use ssl_bump splice https_login active_use ssl_bump splice splice_only_mac splice_only active_use ssl_bump splice NoBumpDNS active_use ssl_bump splice NoSSLIntercept active_use ssl_bump bump bump_only_mac bump_only active_use acl activated note active_use true ssl_bump terminate !activated shutdown_lifetime 1 seconds negative_dns_ttl 5 minutes Output same Shell Output - squidclient -v -U admin -W redactedpassword mgr:info Request: GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0 Host: localhost:3128 User-Agent: squidclient/6.6 Accept: */* Authorization: Basic redactedQ== Connection: close . HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Thu, 11 Jul 2024 21:06:49 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3788 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: Lee_Family.home.arpa Cache-Status: Lee_Family.home.arpa;detail=no-cache Connection: close same thing tested with -h 127.0.0.1 Request: GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0 Host: 127.0.0.1:3128 User-Agent: squidclient/6.6 Accept: */* Authorization: Basic redacted== Connection: close . HTTP/1.1 403 Forbidden Server: squid Mime-Version: 1.0 Date: Thu, 11 Jul 2024 21:18:48 GMT Content-Type: text/html;charset=utf-8 Content-Length: 3788 X-Squid-Error: ERR_ACCESS_DENIED 0 Vary: Accept-Language Content-Language: en Cache-Status: Lee_Family.home.arpa Cache-Status: Lee_Family.home.arpa;detail=no-cache Connection: close squid -k parse shows 2024/07/11 14:09:27| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0) 2024/07/11 14:09:27| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2024/07/11 14:09:27| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/07/11 14:09:27| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/07/11 14:09:27| Processing: http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2024/07/11 14:09:27| Starting Authentication on port 127.0.0.1:3128 2024/07/11 14:09:27| Disabling Authentication on port 127.0.0.1:3128 (interception enabled) 2024/07/11 14:09:27| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead. 2024/07/11 14:09:27| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/07/11 14:09:27| Processing: https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2024/07/11 14:09:27| Starting Authentication on port 127.0.0.1:3129 2024/07/11 14:09:27| Disabling Authentication on port 127.0.0.1:3129 (interception enabled) 2024/07/11 14:09:27| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead. 2024/07/11 14:09:27| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048' OpenSSL-saved error #1: 0x1e08010c 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/07/11 14:09:27| Processing: tcp_outgoing_address 207.231.82.182 2024/07/11 14:09:27| Processing: icp_port 0 2024/07/11 14:09:27| Processing: digest_generation off 2024/07/11 14:09:27| Processing: dns_v4_first on 2024/07/11 14:09:27| ERROR: Directive 'dns_v4_first' is obsolete. 2024/07/11 14:09:27| dns_v4_first : Remove this line. Squid no longer supports preferential treatment of DNS A records. 2024/07/11 14:09:27| Processing: pid_filename /var/run/squid/squid.pid 2024/07/11 14:09:27| Processing: cache_effective_user squid 2024/07/11 14:09:27| Processing: cache_effective_group proxy 2024/07/11 14:09:27| Processing: error_default_language en 2024/07/11 14:09:27| Processing: icon_directory /usr/local/etc/squid/icons 2024/07/11 14:09:27| Processing: visible_hostname Lee_Family.home.arpa 2024/07/11 14:09:27| Processing: cache_mgr jonathanlee...@gmail.com 2024/07/11 14:09:27| Processing: access_log /var/squid/logs/access.log 2024/07/11 14:09:27| Processing: cache_log /var/squid/logs/cache.log 2024/07/11 14:09:27| Processing: cache_store_log none 2024/07/11 14:09:27| Processing: netdb_filename /var/squid/logs/netdb.state 2024/07/11 14:09:27| Processing: pinger_enable on 2024/07/11 14:09:27| Processing: pinger_program /usr/local/libexec/squid/pinger 2024/07/11 14:09:27| Processing: sslcrtd_program /usr/local/libexec/squid/security_file_certgen -s /var/squid/lib/ssl_db -M 4MB -b 2048 2024/07/11 14:09:27| Processing: tls_outgoing_options cafile=/usr/local/share/certs/ca-root-nss.crt 2024/07/11 14:09:27| Processing: tls_outgoing_options capath=/usr/local/share/certs/ 2024/07/11 14:09:27| Processing: tls_outgoing_options options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE,SINGLE_ECDH_USE 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_DH_USE 2024/07/11 14:09:27| ERROR: Unsupported TLS option SINGLE_ECDH_USE 2024/07/11 14:09:27| Processing: tls_outgoing_options cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:!RC4:!aNULL:!eNULL:!LOW:!3DES:!SHA1:!MD5:!EXP:!PSK:!SRP:!DSS 2024/07/11 14:09:27| Processing: sslcrtd_children 10 2024/07/11 14:09:27| Processing: logfile_rotate 7 2024/07/11 14:09:27| Processing: debug_options rotate=7 2024/07/11 14:09:27| Processing: shutdown_lifetime 3 seconds 2024/07/11 14:09:27| Processing: acl localnet src 192.168.1.0/27 2024/07/11 14:09:27| Processing: forwarded_for delete 2024/07/11 14:09:27| Processing: via off 2024/07/11 14:09:27| Processing: httpd_suppress_version_string on 2024/07/11 14:09:27| Processing: uri_whitespace strip 2024/07/11 14:09:27| Processing: acl block_hours time 00:30-05:00 2024/07/11 14:09:27| Processing: ssl_bump terminate all block_hours 2024/07/11 14:09:27| Processing: http_access deny all block_hours 2024/07/11 14:09:27| Processing: acl getmethod method GET 2024/07/11 14:09:27| Processing: acl to_ipv6 dst ipv6 2024/07/11 14:09:27| Processing: acl from_ipv6 src ipv6 2024/07/11 14:09:27| Processing: acl HttpAccess dstdomain "/usr/local/pkg/http.access" 2024/07/11 14:09:27| Processing: acl windowsupdate dstdomain "/usr/local/pkg/windowsupdate" 2024/07/11 14:09:27| Processing: acl rewritedoms dstdomain "/usr/local/pkg/desdom" 2024/07/11 14:09:27| Processing: always_direct allow all 2024/07/11 14:09:27| Processing: refresh_all_ims on 2024/07/11 14:09:27| Processing: reload_into_ims on 2024/07/11 14:09:27| Processing: max_stale 20 years 2024/07/11 14:09:27| Processing: minimum_expiry_time 0 2024/07/11 14:09:27| Processing: refresh_pattern -i ^http.*squid\.internal.* 43200 100% 79900 override-expire override-lastmod ignore-reload ignore-no-store ignore-must-revalidate ignore-private ignore-auth 2024/07/11 14:09:27| UPGRADE: refresh_pattern option 'ignore-must-revalidate' is obsolete. Remove it. 2024/07/11 14:09:27| UPGRADE: refresh_pattern option 'ignore-auth' is obsolete. Remove it. 2024/07/11 14:09:27| Processing: refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims 2024/07/11 14:09:27| Processing: refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims 2024/07/11 14:09:27| Processing: refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims 2024/07/11 14:09:27| Processing: refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims 2024/07/11 14:09:27| Processing: refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims 2024/07/11 14:09:27| Processing: refresh_pattern -i windowsupdate.com/..(cab|exe|msi|msu|msf|asf|wma|wmv)|dat|zip)$ 4320 80% 43200 refresh-ims 2024/07/11 14:09:27| Processing: acl https_login url_regex -i ^https.*(login|Login).* 2024/07/11 14:09:27| Processing: cache deny https_login 2024/07/11 14:09:27| Processing: range_offset_limit 512 MB windowsupdate 2024/07/11 14:09:27| Processing: range_offset_limit 4 MB 2024/07/11 14:09:27| Processing: quick_abort_min -1 KB 2024/07/11 14:09:27| Processing: cache_mem 64 MB 2024/07/11 14:09:27| Processing: maximum_object_size_in_memory 256 KB 2024/07/11 14:09:27| Processing: memory_replacement_policy heap GDSF 2024/07/11 14:09:27| Processing: cache_replacement_policy heap LFUDA 2024/07/11 14:09:27| Processing: minimum_object_size 0 KB 2024/07/11 14:09:27| Processing: maximum_object_size 512 MB 2024/07/11 14:09:27| Processing: cache_dir diskd /var/squid/cache 64000 256 256 2024/07/11 14:09:27| Processing: offline_mode off 2024/07/11 14:09:27| Processing: cache_swap_low 90 2024/07/11 14:09:27| Processing: cache_swap_high 95 2024/07/11 14:09:27| Processing: acl donotcache dstdomain "/var/squid/acl/donotcache.acl" 2024/07/11 14:09:27| Processing: cache deny donotcache 2024/07/11 14:09:27| Processing: cache allow all 2024/07/11 14:09:27| Processing: refresh_pattern ^ftp: 1440 20% 10080 2024/07/11 14:09:27| Processing: refresh_pattern ^gopher: 1440 0% 1440 2024/07/11 14:09:27| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 2024/07/11 14:09:27| Processing: refresh_pattern . 0 20% 4320 2024/07/11 14:09:27| Processing: acl allsrc src all 2024/07/11 14:09:27| Processing: acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 8080 3128 3129 1025-65535 2024/07/11 14:09:27| Processing: acl sslports port 443 563 8080 5223 2197 2024/07/11 14:09:27| Processing: acl purge method PURGE 2024/07/11 14:09:27| Processing: acl connect method CONNECT 2024/07/11 14:09:27| Processing: acl HTTP proto HTTP 2024/07/11 14:09:27| Processing: acl HTTPS proto HTTPS 2024/07/11 14:09:27| Processing: acl step1 at_step SslBump1 2024/07/11 14:09:27| Processing: acl step2 at_step SslBump2 2024/07/11 14:09:27| Processing: acl step3 at_step SslBump3 2024/07/11 14:09:27| Processing: acl banned_hosts src "/var/squid/acl/banned_hosts.acl" 2024/07/11 14:09:27| Processing: acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl" 2024/07/11 14:09:27| Processing: acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl" 2024/07/11 14:09:27| Processing: http_access allow manager localhost 2024/07/11 14:09:27| Processing: http_access deny manager 2024/07/11 14:09:27| Processing: http_access allow purge localhost 2024/07/11 14:09:27| Processing: http_access deny purge 2024/07/11 14:09:27| Processing: http_access deny !safeports 2024/07/11 14:09:27| Processing: http_access deny CONNECT !sslports 2024/07/11 14:09:27| Processing: http_access allow localhost 2024/07/11 14:09:27| Processing: quick_abort_min 0 KB 2024/07/11 14:09:27| Processing: quick_abort_max 0 KB 2024/07/11 14:09:27| Processing: quick_abort_pct 95 2024/07/11 14:09:27| Processing: request_body_max_size 0 KB 2024/07/11 14:09:27| Processing: delay_pools 1 2024/07/11 14:09:27| Processing: delay_class 1 2 2024/07/11 14:09:27| Processing: delay_parameters 1 -1/-1 -1/-1 2024/07/11 14:09:27| Processing: delay_initial_bucket_level 100 2024/07/11 14:09:27| Processing: delay_access 1 allow allsrc 2024/07/11 14:09:27| Processing: deny_info TCP_RESET allsrc 2024/07/11 14:09:27| Processing: url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf 2024/07/11 14:09:27| Processing: url_rewrite_bypass off 2024/07/11 14:09:27| Processing: url_rewrite_children 32 startup=8 idle=4 concurrency=0 2024/07/11 14:09:27| Processing: http_access deny banned_hosts 2024/07/11 14:09:27| Processing: http_access allow whitelist 2024/07/11 14:09:27| Processing: http_access deny blacklist 2024/07/11 14:09:27| Processing: request_header_access X-GoogApps-Allowed-Domains deny all 2024/07/11 14:09:27| Processing: request_header_add X-GoogApps-Allowed-Domains consumer_accounts 2024/07/11 14:09:27| Processing: acl youtubedst dstdomain -n www.youtube.com m.youtube.com youtubei.googleapis.com youtube.googleapis.com www.youtube-nocookie.com 2024/07/11 14:09:27| Processing: request_header_access YouTube-Restrict deny all 2024/07/11 14:09:27| Processing: request_header_add YouTube-Restrict none youtubedst 2024/07/11 14:09:27| Processing: acl sglog url_regex -i sgr=ACCESSDENIED 2024/07/11 14:09:27| Processing: http_access deny sglog 2024/07/11 14:09:27| Processing: http_access deny !safeports 2024/07/11 14:09:27| Processing: http_access deny CONNECT !sslports 2024/07/11 14:09:27| Processing: http_access allow localhost manager 2024/07/11 14:09:27| Processing: http_access deny manager 2024/07/11 14:09:27| Processing: cachemgr_passwd disable offline_toggle reconfigure shutdown 2024/07/11 14:09:27| Processing: cachemgr_passwd redacted all 2024/07/11 14:09:27| Processing: eui_lookup on 2024/07/11 14:09:27| Processing: acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\? 2024/07/11 14:09:27| Processing: acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat 2024/07/11 14:09:27| Processing: acl CONNECT method CONNECT 2024/07/11 14:09:27| Processing: acl wuCONNECT dstdomain www.update.microsoft.com 2024/07/11 14:09:27| Processing: acl wuCONNECT dstdomain sls.microsoft.com 2024/07/11 14:09:27| Processing: http_access allow CONNECT wuCONNECT localnet 2024/07/11 14:09:27| Processing: http_access allow CONNECT wuCONNECT localhost 2024/07/11 14:09:27| Processing: http_access allow windowsupdate localnet 2024/07/11 14:09:27| Processing: http_access allow windowsupdate localhost 2024/07/11 14:09:27| Processing: http_access allow HttpAccess localnet 2024/07/11 14:09:27| Processing: http_access allow HttpAccess localhost 2024/07/11 14:09:27| Processing: http_access deny manager 2024/07/11 14:09:27| Processing: http_access deny to_ipv6 2024/07/11 14:09:27| Processing: http_access deny from_ipv6 2024/07/11 14:09:27| Processing: acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken" 2024/07/11 14:09:27| Processing: acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH 2024/07/11 14:09:27| Processing: sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch 2024/07/11 14:09:27| Processing: sslproxy_cert_error deny all 2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.8 #Tasha iPhone 2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.10 #Jon iPhone 2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.11 #Amazon Fire 2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.15 #Tasha HP 2024/07/11 14:09:27| Processing: acl splice_only src 192.168.1.16 #iPad 2024/07/11 14:09:27| Processing: acl splice_only_mac arp 2024/07/11 14:09:27| Processing: acl splice_only_mac arp 2024/07/11 14:09:27| Processing: acl splice_only_mac arp 2024/07/11 14:09:27| Processing: acl splice_only_mac arp 2024/07/11 14:09:27| Processing: acl splice_only_mac arp 2024/07/11 14:09:27| Processing: acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump" 2024/07/11 14:09:27| Processing: acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump" 2024/07/11 14:09:27| Processing: acl markBumped annotate_client bumped=true 2024/07/11 14:09:27| Processing: acl active_use annotate_client active=true 2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.3 #webtv 2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.4 #toshiba 2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.5 #imac 2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.9 #macbook 2024/07/11 14:09:27| Processing: acl bump_only src 192.168.1.13 #dell 2024/07/11 14:09:27| Processing: acl bump_only_mac arp 2024/07/11 14:09:27| Processing: acl bump_only_mac arp 2024/07/11 14:09:27| Processing: acl bump_only_mac arp 2024/07/11 14:09:27| Processing: acl bump_only_mac arp 2024/07/11 14:09:27| Processing: acl bump_only_mac arp 2024/07/11 14:09:27| Processing: sslproxy_cert_sign signTrusted bump_only_mac 2024/07/11 14:09:27| Processing: ssl_bump peek step1 2024/07/11 14:09:27| Processing: miss_access deny no_miss active_use 2024/07/11 14:09:27| Processing: ssl_bump splice https_login active_use 2024/07/11 14:09:27| Processing: ssl_bump splice splice_only_mac splice_only active_use 2024/07/11 14:09:27| Processing: ssl_bump splice NoBumpDNS active_use 2024/07/11 14:09:27| Processing: ssl_bump splice NoSSLIntercept active_use 2024/07/11 14:09:27| Processing: ssl_bump bump bump_only_mac bump_only active_use 2024/07/11 14:09:27| Processing: acl activated note active_use true 2024/07/11 14:09:27| Processing: ssl_bump terminate !activated 2024/07/11 14:09:27| Processing: shutdown_lifetime 1 seconds 2024/07/11 14:09:27| Processing: negative_dns_ttl 5 minutes 2024/07/11 14:09:27| Processing: http_access allow localnet 2024/07/11 14:09:27| Processing: http_access deny allsrc 2024/07/11 14:09:27| WARNING: use of 'override-expire' in 'refresh_pattern' violates HTTP 2024/07/11 14:09:27| WARNING: use of 'override-lastmod' in 'refresh_pattern' violates HTTP 2024/07/11 14:09:27| WARNING: use of 'reload-into-ims' in 'refresh_pattern' violates HTTP 2024/07/11 14:09:27| WARNING: use of 'ignore-reload' in 'refresh_pattern' violates HTTP 2024/07/11 14:09:27| WARNING: use of 'ignore-no-store' in 'refresh_pattern' violates HTTP 2024/07/11 14:09:27| WARNING: use of 'ignore-private' in 'refresh_pattern' violates HTTP 2024/07/11 14:09:27| WARNING: HTTP requires the use of Via 2024/07/11 14:09:27| Requiring client certificates. 2024/07/11 14:09:28| Loaded signing certificate: /CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse 2024/07/11 14:09:29| Not requiring any client certificates 2024/07/11 14:09:29| Loaded signing certificate: /CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse 2024/07/11 14:09:30| Not requiring any client certificates 2024/07/11 14:09:30| Loaded signing certificate: /CN=internal-ca/C=US/ST=California/L=Roseville/O=Homeuse 2024/07/11 14:09:30| Not requiring any client certificates > On Jul 11, 2024, at 13:16, Amos Jeffries <squ...@treenet.co.nz> wrote: > > > Lets see ... > > >>> On Jul 11, 2024, at 11:02, Jonathan Lee wrote: > >>> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted > >>> mgr:info > >>> > >>> Request: > >>> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0 > >>> Host: 127.0.0.1:3128 > >>> User-Agent: squidclient/6.6 > >>> Accept: */* > >>> Authorization: Basic YWRtaW4..REDACTED..Q== > >>> Connection: close > > > On 12/07/24 06:12, Jonathan Lee wrote: >> http_access allow CONNECT wuCONNECT localnet >> http_access allow CONNECT wuCONNECT localhost > > > ... GET is not CONNECT. Skip the above. > > >> http_access allow windowsupdate localnet >> http_access allow windowsupdate localhost > > > ... 127.0.0.1 is not in *.microsoft.com. Skip the above. > > >> http_access allow HttpAccess localnet >> http_access allow HttpAccess localhost > > > ... 127.0.0.1 is not listed in /usr/local/pkg/http.access. Skip the above. > > >> http_access deny manager > > > ... /squid-internal-mgr/ matches. DENY the request. > > > Problem solved. > > What you should do is restore the default security settings which we ship > with Squid. > > Place these above your custom http_access lines: > > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access allow localhost manager > http_access deny manager > > > see <https://wiki.squid-cache.org/Releases/Squid-5> for the ACL details if > you need them too. > > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
