resending because i got a mailer-daemon failure for HTML formatting... all, i am running squid 3.2.5 on fedora 16 64 bit on two separate boxes, load balanced with HA Proxy. i am trying to access cachemgr on either one of the squid instances, and both exhibit the behaviour where the squid-internal-mgr URI is not found. attempts to login via the HA Proxy VIP as well as with no proxy configured (direct access) have been tried. both ways produce the same error. below is some header info: http://192.168.25.1/squid-internal-mgr/ GET /squid-internal-mgr/ HTTP/1.1 Host: 192.168.25.1 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Referer: http://www1.bpk2.com/Squid/cgi-bin/cachemgr.cgi Origin: http://www1.bpk2.com Connection: keep-alive HTTP/1.1 404 Not Found Date: Wed, 10 Apr 2013 23:56:51 GMT Server: Apache Content-Length: 217 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS from proxy1.bpk2.com X-Cache-Lookup: MISS from proxy1.bpk2.com:3128 this used to work, but doesnt now, and i think it might be config related. FYI www1 and proxy1 are the same box/IP. i dont know where i could have gone wrong. below is the squid.conf for the instance in the above header info: # OPTIONS FOR AUTHENTICATION # ----------------------------------------------------------------------------- # TAG: auth_param auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -s GSS_C_NO_NAME auth_param negotiate children 10 auth_param negotiate keep_alive on # TAG: authenticate_cache_garbage_interval # TAG: authenticate_ttl # TAG: authenticate_ip_ttl # ACCESS CONTROLS # ----------------------------------------------------------------------------- # TAG: external_acl_type # TAG: acl acl user_auth proxy_auth REQUIRED acl localhost_src src 127.0.0.1/32 acl peer src 192.168.50.1/32 acl svc_chk src 192.168.25.254/32 acl vip src 192.168.37.254/32 acl net_wired_src src 192.168.1.0/24 acl net_wireless_src src 192.168.2.0/24 acl net_guest_src src 192.168.3.0/24 acl net_server_src src 192.168.25.0/24 acl net_vip_src src 192.168.37.0/24 acl net_vpn_src src 192.168.50.0/24 acl net_ipmi_src src 192.168.253.0/24 acl net_mgmt_src src 192.168.254.0/24 #acl net_clients_src src net_wired_src net_wireless_src net_vpn_src #acl net_servers_src src net_server_src net_ipmi_src net_mgmt_src #acl net_bpk2_src src net_wired_src net_wireless_src net_server_src net_vpn_src net_ipmi_src net_mgmt_src acl localhost_dst dst 127.0.0.1/32 acl host_music_dst dst music.bpk2.com acl net_wired_dst dst 192.168.1.0/24 acl net_wireless_dst dst 192.168.2.0/24 acl net_guest_dst dst 192.168.3.0/24 acl net_server_dst dst 192.168.25.0/24 acl net_vip_dst dst 192.168.37.0/24 acl net_vpn_dst dst 192.168.50.0/24 acl net_ipmi_dst dst 192.168.253.0/24 acl net_mgmt_dst dst 192.168.254.0/24 #acl net_clients_dst dst net_wired_dst net_wireless_dst net_vpn_dst #acl net_servers_dst dst net_server_dst net_ipmi_dst net_mgmt_dst #acl net_bpk2_dst dst net_wired_dst net_wireless_dst net_server_dst net_vpn_dst net_ipmi_dst net_mgmt_dst acl bpk2 dstdomain bpk2.com acl AnyUserAgent browser .* acl DeniedAgents browser "/etc/squid/acl/DeniedAgents" acl DirectAgents browser "/etc/squid/acl/DirectAgents" acl ProxiedAgents browser "/etc/squid/acl/ProxiedAgents" acl AuthAgents browser "/etc/squid/acl/AuthAgents" acl NoAuthAgents browser "/etc/squid/acl/NoAuthAgents" acl NoPrivoxyURLs urlpath_regex "/etc/squid/acl/NoPrivoxyURLs" acl NoAuthSites dstdomain "/etc/squid/acl/NoAuthSites" acl NoUserAgentSites dstdomain "/etc/squid/acl/NoUserAgentSites" acl NoUserAgentSitesRegEx url_regex "/etc/squid/acl/NoUserAgentSitesRegEx" acl DeniedSites dstdomain "/etc/squid/acl/DeniedSites" acl DeniedSitesRegEx url_regex "/etc/squid/acl/DeniedSitesRegEx" acl ftp proto FTP acl AuthRequest http_status 407 #acl manager proto cache_object acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 631 # cups acl Safe_ports port 777 # multiling http acl Safe_ports port 873 # rsync acl Safe_ports port 901 # samba web admin tool acl CONNECT method CONNECT acl snmpread snmp_community <REMOVED> # TAG: follow_x_forwarded_for #follow_x_forwarded_for allow all follow_x_forwarded_for allow svc_chk follow_x_forwarded_for deny all # TAG: acl_uses_indirect_client on|off acl_uses_indirect_client on # TAG: delay_pool_uses_indirect_client on|off # TAG: log_uses_indirect_client on|off log_uses_indirect_client on # TAG: tproxy_uses_indirect_client on|off # TAG: http_access http_access allow net_guest_src host_music_dst http_access deny net_guest_src net_wired_dst http_access deny net_guest_src net_wireless_dst http_access deny net_guest_src net_server_dst http_access deny net_guest_src net_vpn_dst http_access deny net_guest_src net_ipmi_dst http_access deny net_guest_src net_mgmt_dst http_access allow net_guest_src http_access allow manager localhost_src http_access allow manager net_wired_src http_access allow manager net_wireless_src http_access allow manager net_server_src http_access allow manager net_vip_src http_access allow manager net_vpn_src http_access deny manager http_access allow NoAuthAgents http_access allow NoAuthSites http_access allow peer http_access allow svc_chk http_access deny DeniedAgents http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny !CONNECT SSL_ports http_access deny !AnyUserAgent #http_access deny !ProxiedAgents #http_access deny !DirectAgents http_access deny DeniedSites http_access deny DeniedSitesRegEx http_access allow !user_auth net_guest_src http_access allow !user_auth manager http_access deny !user_auth AuthAgents http_access allow ftp http_access allow localhost_src http_access allow net_wired_src http_access allow net_wireless_src http_access allow net_server_src http_access allow net_vpn_src http_access allow net_ipmi_src http_access allow net_mgmt_src http_access allow NoUserAgentSites http_access allow NoUserAgentSitesRegEx http_access allow DirectAgents http_access allow ProxiedAgents #http_access allow ProxiedAgents http_access deny all # TAG: adapted_http_access # TAG: http_reply_access # TAG: icp_access # TAG: htcp_access #htcp_access allow net_vpn_src htcp_access allow all # TAG: htcp_clr_access # TAG: miss_access # TAG: ident_lookup_access # TAG: reply_body_max_size size [acl acl...] # NETWORK OPTIONS # ----------------------------------------------------------------------------- # TAG: http_port http_port 192.168.25.1:3128 # TAG: https_port # TAG: tcp_outgoing_tos # TAG: clientside_tos # TAG: tcp_outgoing_mark # TAG: clientside_mark # TAG: qos_flows # TAG: tcp_outgoing_address # TAG: host_verify_strict # TAG: client_dst_passthru # SSL OPTIONS # ----------------------------------------------------------------------------- # TAG: ssl_unclean_shutdown # TAG: ssl_engine # TAG: sslproxy_client_certificate #sslproxy_client_certificate /etc/pki/tls/certs/bpk2.com.crt # TAG: sslproxy_client_key # TAG: sslproxy_version # TAG: sslproxy_options # TAG: sslproxy_cipher # TAG: sslproxy_cafile # TAG: sslproxy_capath # TAG: ssl_bump # TAG: sslproxy_flags # TAG: sslproxy_cert_error # TAG: sslpassword_program # OPTIONS RELATING TO EXTERNAL SSL_CRTD # ----------------------------------------------------------------------------- # TAG: sslcrtd_program # TAG: sslcrtd_children # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM # ----------------------------------------------------------------------------- # TAG: cache_peer cache_peer 192.168.50.1 sibling 3128 4827 htcp=no-clr cache_peer 127.0.0.1 parent 8080 7 no-query no-digest login=PASSTHRU # TAG: cache_peer_domain # TAG: cache_peer_access # TAG: neighbor_type_domain # TAG: dead_peer_timeout (seconds) # TAG: forward_max_tries # TAG: hierarchy_stoplist hierarchy_stoplist cgi-bin ? # MEMORY CACHE OPTIONS # ----------------------------------------------------------------------------- # TAG: cache_mem (bytes) cache_mem 1024 MB # TAG: maximum_object_size_in_memory (bytes) maximum_object_size_in_memory 100 MB # TAG: memory_cache_shared on|off # TAG: memory_cache_mode # TAG: memory_replacement_policy memory_replacement_policy heap LFUDA # DISK CACHE OPTIONS # ----------------------------------------------------------------------------- # TAG: cache_replacement_policy cache_replacement_policy heap LFUDA # TAG: cache_dir cache_dir ufs /var/spool/squid 1500 32 512 # TAG: store_dir_select_algorithm # TAG: max_open_disk_fds # TAG: minimum_object_size (bytes) # TAG: maximum_object_size (bytes) maximum_object_size 81920 KB # TAG: cache_swap_low (percent, 0-100) # TAG: cache_swap_high (percent, 0-100) # LOGFILE OPTIONS # ----------------------------------------------------------------------------- # TAG: logformat logformat custom %>a,%>A,%un,%tl,%la,%lp,%<A,"%{Server}<h",%rm,"HTTP/%rv","%ru","%{User-Agent}>h",%>Hs,%<st,%<tt,"%Ss/%Sh","%mt" # TAG: access_log #access_log daemon:/var/log/squid/access.log custom access_log syslog:local4.info custom !AuthRequest !DeniedSites !svc_chk # TAG: icap_log # TAG: logfile_daemon # TAG: log_access allow|deny acl acl... # TAG: log_icap # TAG: cache_store_log # TAG: cache_swap_state # TAG: logfile_rotate # TAG: emulate_httpd_log # TAG: log_ip_on_direct # TAG: mime_table # TAG: log_mime_hdrs on|off # TAG: useragent_log # TAG: referer_log # TAG: pid_filename # TAG: log_fqdn # TAG: client_netmask # TAG: forward_log # TAG: strip_query_terms strip_query_terms off # TAG: buffered_logs on|off # TAG: netdb_filename # OPTIONS FOR TROUBLESHOOTING # ----------------------------------------------------------------------------- # TAG: cache_log # TAG: debug_options # TAG: coredump_dir coredump_dir /var/spool/squid # OPTIONS FOR FTP GATEWAYING # ----------------------------------------------------------------------------- # TAG: ftp_user # TAG: ftp_list_width # TAG: ftp_passive # TAG: ftp_epsv_all # TAG: ftp_epsv # TAG: ftp_eprt # TAG: ftp_sanitycheck # TAG: ftp_telnet_protocol # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS # ----------------------------------------------------------------------------- # TAG: diskd_program # TAG: unlinkd_program # TAG: pinger_program # TAG: pinger_enable # OPTIONS FOR URL REWRITING # ----------------------------------------------------------------------------- # TAG: url_rewrite_program # TAG: url_rewrite_children # TAG: url_rewrite_concurrency # TAG: url_rewrite_host_header # TAG: url_rewrite_access # TAG: url_rewrite_bypass # OPTIONS FOR TUNING THE CACHE # ----------------------------------------------------------------------------- # TAG: cache cache allow NoAuthAgents cache allow NoAuthSites # TAG: max_stale time-units # TAG: refresh_pattern refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # TAG: quick_abort_min (KB) # TAG: quick_abort_max (KB) # TAG: quick_abort_pct (percent) # TAG: read_ahead_gap buffer-size # TAG: negative_ttl time-units # TAG: positive_dns_ttl time-units # TAG: negative_dns_ttl time-units # TAG: range_offset_limit size [acl acl...] # TAG: minimum_expiry_time (seconds) # TAG: store_avg_object_size (bytes) # TAG: store_objects_per_bucket # HTTP OPTIONS # ----------------------------------------------------------------------------- # TAG: request_header_max_size (KB) # TAG: reply_header_max_size (KB) # TAG: request_body_max_size (bytes) # TAG: client_request_buffer_max_size (bytes) # TAG: chunked_request_body_max_size (bytes) # TAG: broken_posts # TAG: adaptation_uses_indirect_client on|off # TAG: via on|off via off # TAG: ie_refresh on|off # TAG: vary_ignore_expire on|off # TAG: request_entities # TAG: request_header_access # TAG: reply_header_access # TAG: header_replace # TAG: relaxed_header_parser on|off|warn # TAG: ignore_expect_100 on|off # TIMEOUTS # ----------------------------------------------------------------------------- # TAG: forward_timeout time-units # TAG: connect_timeout time-units # TAG: peer_connect_timeout time-units # TAG: read_timeout time-units # TAG: write_timeout time-units # TAG: request_timeout # TAG: client_idle_pconn_timeout # TAG: client_lifetime time-units # TAG: half_closed_clients # TAG: server_idle_pconn_timeout # TAG: ident_timeout # TAG: shutdown_lifetime time-units shutdown_lifetime 1 seconds # ADMINISTRATIVE PARAMETERS # ----------------------------------------------------------------------------- # TAG: cache_mgr # TAG: mail_from # TAG: mail_program # TAG: cache_effective_user # TAG: cache_effective_group # TAG: httpd_suppress_version_string on|off httpd_suppress_version_string on # TAG: visible_hostname visible_hostname proxy1.bpk2.com # TAG: unique_hostname # TAG: hostname_aliases # TAG: umask # OPTIONS FOR THE CACHE REGISTRATION SERVICE # ----------------------------------------------------------------------------- # TAG: announce_period # TAG: announce_host # TAG: announce_file # TAG: announce_port # HTTPD-ACCELERATOR OPTIONS # ----------------------------------------------------------------------------- # TAG: httpd_accel_surrogate_id # TAG: http_accel_surrogate_remote on|off # TAG: esi_parser libxml2|expat|custom # DELAY POOL PARAMETERS # ----------------------------------------------------------------------------- # TAG: delay_pools # TAG: delay_class # TAG: delay_access # TAG: delay_parameters # TAG: delay_initial_bucket_level (percent, 0-100) # CLIENT DELAY POOL PARAMETERS # ----------------------------------------------------------------------------- # TAG: client_delay_pools # TAG: client_delay_initial_bucket_level (percent, 0-no_limit) # TAG: client_delay_parameters # TAG: client_delay_access # WCCPv1 AND WCCPv2 CONFIGURATION OPTIONS # ----------------------------------------------------------------------------- # TAG: wccp_router # TAG: wccp2_router # TAG: wccp_version # TAG: wccp2_rebuild_wait # TAG: wccp2_forwarding_method # TAG: wccp2_return_method # TAG: wccp2_assignment_method # TAG: wccp2_service # TAG: wccp2_service_info # TAG: wccp2_weight # TAG: wccp_address # TAG: wccp2_address # PERSISTENT CONNECTION HANDLING # ----------------------------------------------------------------------------- # TAG: client_persistent_connections # TAG: server_persistent_connections # TAG: persistent_connection_after_error # TAG: detect_broken_pconn # CACHE DIGEST OPTIONS # ----------------------------------------------------------------------------- # TAG: digest_generation # TAG: digest_bits_per_entry # TAG: digest_rebuild_period (seconds) # TAG: digest_rewrite_period (seconds) # TAG: digest_swapout_chunk_size (bytes) # TAG: digest_rebuild_chunk_percentage (percent, 0-100) # SNMP OPTIONS # ----------------------------------------------------------------------------- # TAG: snmp_port snmp_port 3401 # TAG: snmp_access snmp_access allow snmpread localhost_src snmp_access allow snmpread net_wired_src snmp_access allow snmpread net_wireless_src snmp_access allow snmpread net_server_src snmp_access deny all # TAG: snmp_incoming_address snmp_incoming_address 0.0.0.0 # TAG: snmp_outgoing_address snmp_outgoing_address 255.255.255.255 # ICP OPTIONS # ----------------------------------------------------------------------------- # TAG: icp_port #icp_port 3130 # TAG: htcp_port htcp_port 4827 # TAG: log_icp_queries on|off # TAG: udp_incoming_address udp_incoming_address 127.0.0.1 # TAG: udp_outgoing_address udp_outgoing_address 0.0.0.0 # TAG: icp_hit_stale on|off # TAG: minimum_direct_hops # TAG: minimum_direct_rtt # TAG: netdb_low # TAG: netdb_high # TAG: netdb_ping_period # TAG: query_icmp on|off # TAG: test_reachability on|off # TAG: icp_query_timeout (msec) # TAG: maximum_icp_query_timeout (msec) # TAG: minimum_icp_query_timeout (msec) # TAG: background_ping_rate time-units # MULTICAST ICP OPTIONS # ----------------------------------------------------------------------------- # TAG: mcast_groups # TAG: mcast_miss_addr # TAG: mcast_miss_ttl # TAG: mcast_miss_port # TAG: mcast_miss_encode_key # TAG: mcast_icp_query_timeout (msec) # INTERNAL ICON OPTIONS # ----------------------------------------------------------------------------- # TAG: icon_directory # TAG: global_internal_static # TAG: short_icon_urls # ERROR PAGE OPTIONS # ----------------------------------------------------------------------------- # TAG: error_directory # TAG: error_default_language # TAG: error_log_languages # TAG: err_page_stylesheet # TAG: err_html_text # TAG: email_err_data on|off # TAG: deny_info # OPTIONS INFLUENCING REQUEST FORWARDING # ----------------------------------------------------------------------------- # TAG: nonhierarchical_direct nonhierarchical_direct off # TAG: prefer_direct # TAG: always_direct always_direct allow DirectAgents always_direct allow NoPrivoxyURLs always_direct allow net_guest_src always_direct allow net_wired_dst always_direct allow net_wireless_dst always_direct allow net_guest_dst always_direct allow net_server_dst always_direct allow net_vpn_dst always_direct allow net_ipmi_dst always_direct allow net_mgmt_dst always_direct allow bpk2 always_direct allow FTP always_direct deny all # TAG: never_direct never_direct deny DirectAgents never_direct deny net_guest_src never_direct allow all # ADVANCED NETWORKING OPTIONS # ----------------------------------------------------------------------------- # TAG: incoming_icp_average # TAG: incoming_http_average # TAG: incoming_dns_average # TAG: min_icp_poll_cnt # TAG: min_dns_poll_cnt # TAG: min_http_poll_cnt # TAG: accept_filter # TAG: client_ip_max_connections # TAG: tcp_recv_bufsize (bytes) # ICAP OPTIONS # ----------------------------------------------------------------------------- # TAG: icap_enable on|off # TAG: icap_connect_timeout # TAG: icap_io_timeout time-units # TAG: icap_service_failure_limit limit [in memory-depth time-units] # TAG: icap_service_revival_delay # TAG: icap_preview_enable on|off # TAG: icap_preview_size # TAG: icap_206_enable on|off # TAG: icap_default_options_ttl # TAG: icap_persistent_connections on|off # TAG: adaptation_send_client_ip on|off # TAG: adaptation_send_username on|off # TAG: icap_client_username_header # TAG: icap_client_username_encode on|off # TAG: icap_service # TAG: icap_class # TAG: icap_access # eCAP OPTIONS # ----------------------------------------------------------------------------- # TAG: ecap_enable on|off # TAG: ecap_service # TAG: loadable_modules # MESSAGE ADAPTATION OPTIONS # ----------------------------------------------------------------------------- # TAG: adaptation_service_set # TAG: adaptation_service_chain # TAG: adaptation_access # TAG: adaptation_service_iteration_limit # TAG: adaptation_masterx_shared_names # TAG: adaptation_meta # TAG: icap_retry # TAG: icap_retry_limit # DNS OPTIONS # ----------------------------------------------------------------------------- # TAG: check_hostnames # TAG: allow_underscore # TAG: cache_dns_program # TAG: dns_children # TAG: dns_retransmit_interval # TAG: dns_timeout # TAG: dns_packet_max # TAG: dns_defnames on|off # TAG: dns_nameservers # TAG: hosts_file # TAG: append_domain append_domain .bpk2.com # TAG: ignore_unknown_nameservers # TAG: dns_v4_first # TAG: ipcache_size (number of entries) ipcache_size 8192 # TAG: ipcache_low (percent) # TAG: ipcache_high (percent) # TAG: fqdncache_size (number of entries) fqdncache_size 8192 # MISCELLANEOUS # ----------------------------------------------------------------------------- # TAG: memory_pools on|off # TAG: memory_pools_limit (bytes) memory_pools_limit 768 MB # TAG: forwarded_for on|off|transparent|truncate|delete forwarded_for on # TAG: cachemgr_passwd cachemgr_passwd <REMOVED> all # TAG: client_db on|off # TAG: refresh_all_ims on|off # TAG: reload_into_ims on|off # TAG: connect_retries # TAG: retry_on_error # TAG: as_whois_server # TAG: offline_mode # TAG: uri_whitespace # TAG: chroot # TAG: balance_on_multiple_ip # TAG: pipeline_prefetch pipeline_prefetch on # TAG: high_response_time_warning (msec) # TAG: high_page_fault_warning # TAG: high_memory_warning # TAG: sleep_after_fork (microseconds) # TAG: windows_ipaddrchangemonitor on|off # TAG: eui_lookup # TAG: max_filedescriptors # TAG: workers # TAG: cpu_affinity_map can anyone tell my why i am not able to get logged into the cachemgr? the page presents, but the login fails. cachemgr.conf has the IP of both proxies listed, and /etc/httpd/conf.d/squid.conf has the right access allowed by network. /usr/lib64/squid/cachemgr.cgi is chmod'd 755 (rwxr-xr-x) and is chown'd root:root.
