Andreev Nikita wrote:
Hi.
I'm trying to get basic squid info by issuing 'squidclient -p 8080
mgr:info'. Port 8080 is where our squid is listening to connections.
All clients works fine through the squid. But squidclient return http
response (lets say mydomain.com is my domain):
ERROR
The requested URL could not be retrieved
While trying to retrieve the URL:
cache_object://localhost.mydomain.com/info
The following error was encountered:
Access Denied.
Access control configuration prevents your request from
being allowed at this time. Please contact your service provider if
you feel this is incorrect.
Your cache administrator is r...@mydomain.com.
Here are the squid access directives:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny pubrooms pubrooms_ext
http_access allow localhost
http_access allow our_networks
http_access deny all
Here is the debug info:
2009/01/16 11:00:35| The request GET cache_object://localhost/info is ALLOWED,
because it matched 'localhost'
Here the "http_request allow manager localhost" matched, so the request
was allowed.
2009/01/16 11:00:35| CACHEMGR: <unknown>@127.0.0.1 requesting 'info'
2009/01/16 11:00:35| The reply for GET
cache_object://localhost.mydomain.com/info is DENIED, because it matched 'all'
What do your "reply_access" lines look like? The reply to this allowed
request is denied.
2009/01/16 11:00:35| The reply for GET
cache_object://localhost.mydomain.com/info is ALLOWED, because it matched 'all'
This debug output is absolutely unclear for me. Why does the same link
hit the same acl with different results (deny and allow).
Because that ACL is used in more than one rule.
Why are there two different links?
Squid test both the request and the reply against access rules.
And finally. Why it doesn't work?
It did work. Just as you configured it to. ;o) If computers did what
we want instead of what we ask them to, I'd likely be out of a job...
Regards,
LPIC-1, EMCPA
Nikita Andreev
Chris
