Per your subject question "cachemgr.cgi isn't mgr:info ?"
Correct.
cachemgr.cgi is an old tool to access multiple proxies manager reports.
"mgr:info" is a command line parameter for the squidclient tool to
access a proxies "info" manager report.
Also, commonly used shorthand in Squid community to refer to the
"info" report, regardless of how it is accessed.
Responses to your other queries inline...
On 13/07/24 03:18, Brian Cook wrote:
Picking up squid again and trying to look at what's going on inside..
Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc..
trying to access the cachemgr.cgi.. as this looks like the new squidclient
Wasn't working etc..
FYI, both squidclient and cachemgr.cgi are deprecated. It depends on the
tool version vs Squid version whether you will encounter an issue.
Current recommendation for current supported Squid is to use a tool like
this one: <https://github.com/yadij/cachemgr.js>.
(I may be a bit biased there as its author, but also not yet aware of
any others to reference.)
..
debug_options ALL,2
cache_log /tmp/squid_cache.log
..
----------
2024/07/12 10:57:08.388| 33,2| client_side.cc(1646)
clientProcessRequest: internal URL found: http://10.20.245.10:3128
2024/07/12 10:57:08.388| 85,2| client_side_request.cc(715)
clientAccessCheckDone: The request GET
http://10.20.245.10:3128/squid-internal-mgr/menu is DENIED; last ACL
checked: Safe_ports
# EOF
---------
Q: So I added 3128 to the Safe_ports.. and then it works..
image.png
Q: no password set for cachemgr_passwd.. cachemgr.cgi just open to the
world? unsecured?
Apparently so in your setup. Unless your Browser etc did some implicit
authentication that you overlooked.
and is Process Filedescriptor Allocation the closest thing?
That report is a list of what each filedescriptor is currently being
used for.
I (think) I remember something like max, in use, and something else..
being in mgr:info
Yes.
fwiw openwrt starts squid with like 4096 max files..
needed something like this:
..
procd_set_param file $CONFIGFILE
procd_set_param limits nofile="262140 262140"
procd_set_param respawn
..
to set the hard and soft limits..
any better practice than adding 3128 to the 'Safe_ports'? (can't keep
that in place..)
Ports 1025 to 65535 should already be listed as "Safe_ports". That ACL
is supposed to be used to pinhole a denial of the known **non-safe** ports.
and setting a cachemgr_passwd would be the only thing to secure the cgi?
No.
The CGI tool is restricted by any configuration of the web server
running it. And,
Then tool requests to Squid are restricted by your http_access rules
for what requests can be made of the proxy. And,
Then the access to individual manager reports is controlled by
cachemgr_passwd directive in Squid.
Cheers
Amos
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users
