Search squid archive

Re: Help with cache manager in accelerator mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Sean SPALDING wrote:

Hi all,

I'm a squid newbie and struggling with getting Cache Manager working. I keep getting:

"Access Denied.
Access control configuration prevents your request from being allowed at this time."

What am I missing?

Here's our squid.conf:


emulate_httpd_log on


Please instead use:
  access_log /var/log/squid/access.log common



cache_dir ufs /squid_cache/squid 2048 16 256
cache_mem 1024 MB

access_log /var/log/squid/access.log

strip_query_terms off
read_ahead_gap 128 Kb

collapsed_forwarding on
refresh_stale_hit 30 seconds

retry_on_error on

maximum_object_size_in_memory 1 MB

acl manager proto cache_object

acl all src 0.0.0.0/0.0.0.0


all src all


acl purgehosts src 127.0.0.1/255.255.255.255


Please just leave this called "localhost".
Both the IP and the name have special meaning in networking and are referenced by the name "localhost" in some default Squid settings. 


acl wcmshosts src 10.1.122.131-10.1.122.135/32


No need for the /32 there.



acl QUERY urlpath_regex /cgi-bin /_edit /_admin /_nocache /__lib /__fudge /_login
acl PURGE method PURGE
acl POST method POST
acl CONNECT method CONNECT

no_cache deny QUERY
no_cache deny POST


cache deny QUERY
cache deny POST



http_access deny manager !purgehosts


The one above prevents non-localhost machines doing manager.
ie all the wcmshosts machines are blocked.


http_access deny manager !wcmshosts


The one above prevents non-wcmshosts machines doing manager.
ie the purgehosts / localhost machine is blocked.

... leaving exactly zero machines able to do manager requests.

Use this instead:
 http_access deny manager !purgehosts !wcmshosts
 http_access allow manager



http_access allow CONNECT purgehosts
http_access allow CONNECT wcmshosts


missing a "http_access deny CONNECT" here?


http_access allow PURGE purgehosts
http_access allow PURGE wcmshosts
http_access deny PURGE
http_access allow all


I _really_ hope this was only for testing.



http_port 3128
http_port 10.1.122.131:80 vhost
http_port 10.1.122.131:8443 vhost
cache_peer 127.0.0.1 parent 80 0 originserver no-query no-digest default




redirect_rewrites_host_header off

read_ahead_gap 128 Kb

shutdown_lifetime 5 seconds

cachemgr_passwd XXXXXXXX all




Amos
--
Please be using
  Current Stable Squid 2.7.STABLE7 or 3.0.STABLE20
  Current Beta Squid 3.1.0.14
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux