Search squid archive

Re: cachemgr.cgi isn't mgr:info ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Per your subject question "cachemgr.cgi isn't mgr:info ?"

Correct.

 cachemgr.cgi is an old tool to access multiple proxies manager reports.

"mgr:info" is a command line parameter for the squidclient tool to access a proxies "info" manager report. Also, commonly used shorthand in Squid community to refer to the "info" report, regardless of how it is accessed.


Responses to your other queries inline...


On 13/07/24 03:18, Brian Cook wrote:
Picking up squid again and trying to look at what's going on inside..

Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc..

trying to access the cachemgr.cgi.. as this looks like the new squidclient

Wasn't working etc..


FYI, both squidclient and cachemgr.cgi are deprecated. It depends on the tool version vs Squid version whether you will encounter an issue.

Current recommendation for current supported Squid is to use a tool like this one: <https://github.com/yadij/cachemgr.js>. (I may be a bit biased there as its author, but also not yet aware of any others to reference.)


..
debug_options ALL,2
cache_log /tmp/squid_cache.log
..

----------
2024/07/12 10:57:08.388| 33,2| client_side.cc(1646) clientProcessRequest: internal URL found: http://10.20.245.10:3128 2024/07/12 10:57:08.388| 85,2| client_side_request.cc(715) clientAccessCheckDone: The request GET http://10.20.245.10:3128/squid-internal-mgr/menu is DENIED; last ACL checked: Safe_ports
# EOF
---------

Q: So I added 3128 to the Safe_ports.. and then it works..

image.png

Q: no password set for cachemgr_passwd.. cachemgr.cgi just open to the world? unsecured?


Apparently so in your setup. Unless your Browser etc did some implicit authentication that you overlooked.


and is Process Filedescriptor Allocation the closest thing?


That report is a list of what each filedescriptor is currently being used for.


I (think) I remember something like max, in use, and something else.. being in mgr:info


Yes.


fwiw openwrt starts squid with like 4096 max files..

needed something like this:

..
         procd_set_param file $CONFIGFILE
         procd_set_param limits nofile="262140 262140"
         procd_set_param respawn
..

to set the hard and soft limits..

any better practice than adding 3128 to the 'Safe_ports'? (can't keep that in place..)


Ports 1025 to 65535 should already be listed as "Safe_ports". That ACL is supposed to be used to pinhole a denial of the known **non-safe** ports.



and setting a cachemgr_passwd would be the only thing to secure the cgi?


No.

The CGI tool is restricted by any configuration of the web server running it. And,

Then tool requests to Squid are restricted by your http_access rules for what requests can be made of the proxy. And,

Then the access to individual manager reports is controlled by cachemgr_passwd directive in Squid.


Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux