Picking up squid again and trying to look at what's going on inside..
Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc..
trying to access the cachemgr.cgi.. as this looks like the new squidclient
Wasn't working etc..
..
debug_options ALL,2
cache_log /tmp/squid_cache.log
..
..
----------
2024/07/12 10:57:08.388| 33,2| client_side.cc(1646) clientProcessRequest: internal URL found: http://10.20.245.10:3128
2024/07/12 10:57:08.388| 85,2| client_side_request.cc(715) clientAccessCheckDone: The request GET http://10.20.245.10:3128/squid-internal-mgr/menu is DENIED; last ACL checked: Safe_ports
2024/07/12 10:57:08.388| 33,2| client_side.cc(1646) clientProcessRequest: internal URL found: http://10.20.245.10:3128
2024/07/12 10:57:08.388| 85,2| client_side_request.cc(715) clientAccessCheckDone: The request GET http://10.20.245.10:3128/squid-internal-mgr/menu is DENIED; last ACL checked: Safe_ports
# EOF
---------
Q: So I added 3128 to the Safe_ports.. and then it works..
Q: no password set for cachemgr_passwd.. cachemgr.cgi just open to the world? unsecured?
and is Process Filedescriptor Allocation the closest thing?
I (think) I remember something like max, in use, and something else.. being in mgr:info
fwiw openwrt starts squid with like 4096 max files..
needed something like this:
..
..
procd_set_param file $CONFIGFILE
procd_set_param limits nofile="262140 262140"
procd_set_param respawn
procd_set_param limits nofile="262140 262140"
procd_set_param respawn
..
to set the hard and soft limits..
any better practice than adding 3128 to the 'Safe_ports'? (can't keep that in place..)
and setting a cachemgr_passwd would be the only thing to secure the cgi?
(am I missing something else?)
Thank you in advance.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
