Search squid archive

Re: squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd PASSWORDREDCATED all
eui_lookup on
acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\?
acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
http_access allow HttpAccess localnet
http_access allow HttpAccess localhost
http_access deny manager
http_access deny to_ipv6
http_access deny from_ipv6

acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken"
acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH
sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch
sslproxy_cert_error deny all

acl splice_only src 192.168.1.8 #Tasha iPhone
acl splice_only src 192.168.1.10 #Jon iPhone
acl splice_only src 192.168.1.11 #Amazon Fire
acl splice_only src 192.168.1.15 #Tasha HP
acl splice_only src 192.168.1.16 #iPad

acl splice_only_mac arp MACADDRESSREDACTED
acl splice_only_mac arp MACADDRESSREDACTED
acl splice_only_mac arp MACADDRESSREDACTED
acl splice_only_mac arp MACADDRESSREDACTED
acl splice_only_mac arp MACADDRESSREDACTED

acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump"
acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump"

acl markBumped annotate_client bumped=true
acl active_use annotate_client active=true
acl bump_only src 192.168.1.3 #webtv
acl bump_only src 192.168.1.4 #toshiba
acl bump_only src 192.168.1.5 #imac
acl bump_only src 192.168.1.9 #macbook
acl bump_only src 192.168.1.13 #dell

acl bump_only_mac arp MACADDRESSREDACTED
acl bump_only_mac arp MACADDRESSREDACTED
acl bump_only_mac arp MACADDRESSREDACTED
acl bump_only_mac arp MACADDRESSREDACTED
acl bump_only_mac arp MACADDRESSREDACTED
sslproxy_cert_sign signTrusted bump_only_mac

ssl_bump peek step1
miss_access deny no_miss active_use
ssl_bump splice https_login active_use
ssl_bump splice splice_only_mac splice_only active_use
ssl_bump splice NoBumpDNS active_use
ssl_bump splice NoSSLIntercept active_use
ssl_bump bump bump_only_mac bump_only active_use
acl activated note active_use true
ssl_bump terminate !activated

shutdown_lifetime 1 seconds
negative_dns_ttl 5 minutes


Does the MAC address and bump have anything to do with it? This worked in the older versions without having to input a MAC for the loopback

On Jul 11, 2024, at 11:08, Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:

I use http access acl set as followed 

acl getmethod method GET
acl to_ipv6 dst ipv6
acl from_ipv6 src ipv6
acl HttpAccess dstdomain "/usr/local/pkg/http.access”


/usr/local/pkg/http.access
contains:
office.com
data.microsoft.com
windowsupdate.com
dc1-st.ksn.kaspersky-labs.com
dc1-file.ksn.kaspersky-labs.com
dc1.ksn.kaspersky-labs.com
gsa.apple.com
apps.apple.com
certs.apple.com
crl.apple.com
entrust.net
digicert.com
ocsp.apple.com
ocsp2.apple.com
valid.apple.com
push.apple.com
itunes.apple.com
appldnld.apple.com
gg.apple.com
gs.apple.com
mesu.apple.com
oscdn.apple.com
osrecovery.apple.com
swcdn.apple.com
swdownload.apple.com
updates-http.cdn-apple.com
appldnld.apple.com.edgesuite.net
suconfig.apple.com
audiocontentdownload.apple.com
devimages-cdn.apple.com
download.developer.apple.com
sylvan.apple.com
static.ips.apple.com


http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
http_access allow HttpAccess localnet
http_access allow HttpAccess localhost
http_access deny manager
http_access deny to_ipv6
http_access deny from_ipv6 

On Jul 11, 2024, at 11:02, Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:

also 

Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted mgr:info

Request:
GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
Host: 127.0.0.1:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close


.
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Thu, 11 Jul 2024 18:01:46 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3788
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Cache-Status: Lee_Family.home.arpa
Cache-Status: Lee_Family.home.arpa;detail=no-cache
Connection: close

On Jul 11, 2024, at 10:57, Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:

Shell Output - squidclient -v -U admin -W REDACTED mgr:info

Request:
GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
Host: localhost:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close


.
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Thu, 11 Jul 2024 17:55:05 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3788
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Cache-Status: Lee_Family.home.arpa
Cache-Status: Lee_Family.home.arpa;detail=no-cache
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributor

Shell Output - squidclient -v -U admin -W REDACTED /squid-internal-mgr/info

Request:
GET /squid-internal-mgr/info HTTP/1.0
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
Connection: close


.
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Thu, 11 Jul 2024 17:56:48 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3788
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Cache-Status: Lee_Family.home.arpa
Cache-Status: Lee_Family.home.arpa;detail=no-cache
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
Tested both and they also failed 

On Jul 11, 2024, at 10:27, Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:

Thanks what about the password is it set with@ or -p where would I place that?
Sent from my iPhone

On Jul 11, 2024, at 10:17, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:


On 11/07/24 06:08, Alex Rousskov wrote:
On 2024-07-10 12:55, Jonathan Lee wrote:
Embedding a password in a cache manager command requires providing a
username with -U
squidclient -w /squid-internal-mgr/info -u admin
squidclient -w /squid-internal-mgr/info@redacted -u admin
squidclient -w http://192.168.1.1:3128/squid-internal-mgr/info@redacted -u admin
squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info@redacted -u admin
squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info
squidclient http://127.0.0.1:3128/squid-internal-mgr/info
squidclient -h 127.0.0.1:3128/squid-internal-mgr/info
squidclient -h 127.0.0.1 /squid-internal-mgr/info
squidclient -h 127.0.0.1 /squid-internal-mgr/info@redcated
squidclient -w 127.0.0.1 /squid-internal-mgr/info@redacted
squidclient -w 127.0.0.1 /squid-internal-mgr/info@redcated -u admin
squidclient -h 192.168.1.1:3128  /squid-internal-mgr/info@redacted
squidclient -h 192.168.1.1  /squid-internal-mgr/info@redacted
squidclient -h 192.168.1.1  /squid-internal-mgr/info

with -w -u -h http spaces I can’t get it to show me stats

Squid 6.6
I do not know whether this mistake is relevant, but squidclient documentation and error message imply that you should be using "-U" (capital letter U) while you are using "-u" (small letter u).


It is very relevant. As Matus already mentioned, both -U and -W.


squidclient -v -U admin -W cachemgr_password mgr:info
Request:
GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
Host: localhost:3128
User-Agent: squidclient/6.10
Accept: */*
Authorization: Basic YWRtaW46Y2FjaGVtZ3JfcGFzc3dvcmQ=
Connection: close


squidclient -v -U admin -W cachemgr_password /squid-internal-mgr/info
Request:
GET /squid-internal-mgr/info HTTP/1.0
Host: localhost:3128
User-Agent: squidclient/6.10
Accept: */*
Authorization: Basic YWRtaW46Y2FjaGVtZ3JfcGFzc3dvcmQ=
Connection: close


Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users




_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux