Andreev Nikita wrote:
Hi. I'm trying to get basic squid info by issuing 'squidclient -p 8080 mgr:info'. Port 8080 is where our squid is listening to connections. All clients works fine through the squid. But squidclient return http response (lets say mydomain.com is my domain): ERROR The requested URL could not be retrieved While trying to retrieve the URL: cache_object://localhost.mydomain.com/info The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect. Your cache administrator is root@xxxxxxxxxxxxx Here are the squid access directives: http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny pubrooms pubrooms_ext http_access allow localhost http_access allow our_networks http_access deny all Here is the debug info: 2009/01/16 11:00:35| The request GET cache_object://localhost/info is ALLOWED, because it matched 'localhost'
Here the "http_request allow manager localhost" matched, so the request was allowed.
2009/01/16 11:00:35| CACHEMGR: <unknown>@127.0.0.1 requesting 'info' 2009/01/16 11:00:35| The reply for GET cache_object://localhost.mydomain.com/info is DENIED, because it matched 'all'
What do your "reply_access" lines look like? The reply to this allowed request is denied.
2009/01/16 11:00:35| The reply for GET cache_object://localhost.mydomain.com/info is ALLOWED, because it matched 'all' This debug output is absolutely unclear for me. Why does the same link hit the same acl with different results (deny and allow).
Because that ACL is used in more than one rule.
Why are there two different links?
Squid test both the request and the reply against access rules.
And finally. Why it doesn't work?
It did work. Just as you configured it to. ;o) If computers did what we want instead of what we ask them to, I'd likely be out of a job...
Regards, LPIC-1, EMCPA Nikita Andreev
Chris
