On 25/07/2016 7:16 a.m., Eliezer Croitoru wrote: > Hey, > > What version are you using? > Squid since version 3.X has a built in interface which might fit your needs. > You can see an example of usage at: > http://wiki.squid-cache.org/Features/CacheManager#default > > What you will need to do is to access the proxy directly using a url like: > http://mycache.example.com:3128/squid-internal-mgr/menu > > and for the info page from the menu: > http://mycache.example.com:3128/squid-internal-mgr/info > > So unless you have a special need for the cache manger cgi you should use the http one. > NP: the cachemgr.cgi tool from recent Squid releases will test for and use that http:// interface instead of the old cache_proto:// scheme. > > -----Original Message----- > From: reinerotto > > I have a problem to use cachemgr.cgi on an embedded system: > (Cache Server: 127.0.0.1:3128; manager name: manager: Password: maypasswd) "maypasswd" or "mypasswd"? If that is not a typo in your email it will be the problem. > browser: > The following error was encountered while trying to retrieve the URL: > cache_object://127.0.0.1/ > Cache Manager Access Denied. > Sorry, you are not currently allowed to request cache_object://127.0.0.1/ from this cache manager until you have authenticated yourself. > ACL Access Denied > > cache.log: > 2016/07/24 13:19:00| CacheManager: unknown@local=127.0.0.1:3128 > remote=127.0.0.1:56590 FD 18 flags=1: password needed for 'menu' > > squid.conf: > acl manager proto cache_object > #next just for testing > http_access allow manager all > cachemgr_passwd mypasswd all Order is important. Where you put these lines in relation to any other http_access rules matters a lot. The current release recommend placing the http_access rules for manager below the default "deny CONNECT !SSL_port" rule, above any other custom rules you have. > > On the embedded system, there is only a small http-server (uhttpd) running, _not_ apache or similar, so I suspect some special "requirement" not met on my system. > It could be _either_ some special .configure option for squid (I have a downsized one, self-compiled) _or_ some speciality regarding my http-server, which otherwise works well. > That should be fine as long as: * the uhttpd can pass Basic authentication headers and the user-info field of URLs through to the CGI tool. * Squid is a current/recent release of Squid *and* cachemgr.cgi tool. * Squid has Basic authentication enabled. Note that a current Squid supporting the new interface should be warning you about incorrect manager ACL definition and refusing to startup using the config mentioned above. "proto" is no longer the correct ACL type for manager. There is a built-in one instead. In your current system setup I suggest going with the default squid.conf http_access manager lines. They are sufficient for a cachmgr.cgi tool running on the same machine. However, since cachemgr.cgi does not have to run on the embeded device you can save a fair bit of space by placing it on an administrative web server machine. For that you need to change the "http_access allow manager localhost" to use an ACL checking for that machines IP instead of localhost. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
