Lets see ...
>>> On Jul 11, 2024, at 11:02, Jonathan Lee wrote:
>>> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted
>>> mgr:info
>>>
>>> Request:
>>> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
>>> Host: 127.0.0.1:3128
>>> User-Agent: squidclient/6.6
>>> Accept: */*
>>> Authorization: Basic YWRtaW4..REDACTED..Q==
>>> Connection: close
On 12/07/24 06:12, Jonathan Lee wrote:
http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
... GET is not CONNECT. Skip the above.
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
... 127.0.0.1 is not in *.microsoft.com. Skip the above.
http_access allow HttpAccess localnet
http_access allow HttpAccess localhost
... 127.0.0.1 is not listed in /usr/local/pkg/http.access. Skip the above.
http_access deny manager
... /squid-internal-mgr/ matches. DENY the request.
Problem solved.
What you should do is restore the default security settings which we
ship with Squid.
Place these above your custom http_access lines:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
see <https://wiki.squid-cache.org/Releases/Squid-5> for the ACL details
if you need them too.
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
