Roberto Navarro - Tusprofesionales, SL wrote:
I cannot acces cachemgr.cgi
Whenever I try to access, i get the following error:
ERROR
Cache Access Denied
While trying to retrieve the URL: cache_object://localhost/
The following error was encountered:
* Acceso denegado al caché.
Sorry, you are not currently allowed to request:
cache_object://localhost/
from this cache until you have authenticated yourself.
You need to use Netscape version 2.0 or greater, or Microsoft Internet
Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please
contact the cache administrator if you have
difficulties authenticating yourself or change your default password.
Generated Tue, 30 Jan 2007 16:32:05 GMT by proxy.domain.com
(squid/2.5.STABLE13)
This is our actual conf:
# cat /etc/squid/squid.conf|grep -v \#|grep -v ^$
http_port 127.0.0.1:3128
http_port 192.168.0.32:3128
http_port 192.168.0.32:8080
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex php cgi-bin \?
no_cache deny QUERY
cache_dir ufs /var/spool/squid 500 16 256
cache_dir ufs /home/squid 7000 16 256
ftp_user -joe@
ftp_list_width 64
ftp_passive off
redirect_program /usr/bin/squidguard -c /etc/squid/squidguard.conf
redirect_children 15
auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param basic program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl AuthorizedUsers proxy_auth REQUIRED
http_access allow AuthorizedUsers
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl snmppublic snmp_community tusprofe
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl snmpServer src 86.109.160.230/255.255.255.255
acl apache src 192.168.0.32/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 2000 8443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow manager apache
http_access deny manager !localhost !apache
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.0.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
cache_mgr rnavarro@xxxxxxxxxxxxxxxxxxx
cache_effective_user squid
cache_effective_group squid
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
cachemgr_passwd 6yt55rr44 all
error_directory /usr/share/squid/errors/Spanish
snmp_port 3401
snmp_access allow snmppublic localhost
snmp_access allow snmppublic snmpServer
snmp_access deny all
coredump_dir /var/spool/squid
All the computers are configured to use transparent proxy, and their
requests are redirected with iptables, but the computer from I'm
trying to access the cachemgr, doesn't have the proxy configured nor
is using it as transparent proxy (their requests aren't redirected by
iptables).
_________________
Regards,
Roberto Navarro Reyes
SysAdmin - Tusprofesionales, SL
If you specify a cachemgr_passwd and use the "all" keyword, it seems you
have to use the cache_mgr as the user. Using another user (or none at
all) will show you the menu, but will not allow you to perform any actions.
Chris