Search squid archive

Re: squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Shows a miss 403 in the cache logs for it 
--
26.07.2024 10:57:01192.168.1.5NONE_NONE_ABORTED/200dc1.ksn.kaspersky-labs.com:443--
26.07.2024 10:56:48127.0.0.1TCP_MISS/403http://localhost:3128/squid-internal-mgr/menu-127.0.0.1
26.07.2024 10:56:48127.0.0.1TCP_MISS/403http://localhost:3128/squid-internal-mgr/menu--
26.07.2024 10:56:45192.168.1.5NONE_NONE/200gdmf.apple.com:443--
26.07.2024 10:56:44192.168.1.5TCP_TUNNEL/200configuration.apple.com:443-104.107.104.29
26.07.2024 10:56:16192.168.1.5TCP_REDIRECT/301token.safebrowsing.apple:443


On Jul 24, 2024, at 14:29, Francesco Chemolli <gkinkie@xxxxxxxxx> wrote:

Hi Jonathan,
 could you try:
curl -u anything:redacted http://localhost:3128/squid-internal-mgr/menu

?

On Mon, Jul 22, 2024 at 8:52 PM Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:

Also I have tested

curl 127.0.0.1:3128/squid-internal-mgr -u :redacted
curl localhost:3128/squid-internal-mgr -u :redacted
curl hostname_here:3128/squid-internal-mgr -u :redacted (per bug notes use hostname in place of localhost)

and testing with no password same commands lock up the system with no response and if I do them outside of the host with a web browser I get the errors below seen they are new..

HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.





On Jul 22, 2024, at 09:01, Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:

Thanks for the info

I tried it and this also failed. Dang

Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted

 % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                Dload  Upload   Total   Spent    Left  Speed

 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  3773  100  3773    0     0  90756      0 --:--:-- --:--:-- --:--:-- 94325
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
/*
* Copyright (C) 1996-2023 The Squid Software Foundation and contributors
*
* Squid software is distributed under GPLv2+ license and includes
* contributions from numerous individuals and organizations.
* Please see the COPYING and CONTRIBUTORS files for details.
*/

/*
Stylesheet for Squid Error pages
Adapted from design by Free CSS Templates
http://www.freecsstemplates.org
Released for free under a Creative Commons Attribution 2.5 License
*/

However I get a new error when attempting to connect over a web browser

ERROR

The requested URL could not be retrieved

________________________________

Invalid Request error was encountered while trying to process the request:

GET /squid-internal-mgr HTTP/1.1
Host: lee_family.home.arpa:3128
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Connection: keep-alive
DNT: 1

Some possible problems are:

Request is too large.

Content-Length missing for POST or PUT requests.

Illegal character in hostname; underscores are not allowed.

HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.

Your cache administrator is



On Jul 22, 2024, at 04:42, Andrey K <ankor2023@xxxxxxxxx> wrote:

Hello, Jonathan,

curl http://localhost:3128/squid-internal-mgr/info

Where would I place the password?

I use the following configuration:
http_access allow localhost  manager
cachemgr_passwd redacted config

The command to read the current running config is:
curl localhost:3128/squid-internal-mgr/config -u :redacted


Kind regards,
     Ankor.




чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>:

On 2024-07-18 00:55, Jonathan Lee wrote:

curl http://localhost:3128/squid-internal-mgr/info

Where would I place the password?

See "man curl" or online manual pages for curl. They will point you to
two relevant options: --user and --proxy-user. AFAICT, your particular
cache manager requests are sent _to_ the proxy (as if it were an origin
server) rather than _through_ the proxy. Thus, you should use --user.

As I keep saying on this thread, due to Squid complications related to
Bug 5283, specifying seemingly correct client parameters may not be
enough to convince Squid to accept the cache manager request. I
recommend the following procedure:

1. List the corresponding http_port directive first, before any other
http_port, https_port, and ftp_port directives. Do not use interception
of any kind for this cache manager port.

2. Use curl with absolute squid-internal-mgr URLs with http scheme (like
you show above). Do _not_ use "curl --proxy" or similar. Do not use
https scheme.

3. In that absolute mgr URL, use the host name that matches
visible_hostname in squid.conf. If you do not have visible_hostname in
squid.conf, add it. This is not required, but, due to Squid bugs, it is
often much easier to get this to work with visible_hostname than without it.

4. Make (passwordless) mgr:info use case working first, before trying to
get password-protected pages working.

5. When you do specify a username and a password, remember that you are
sending this request to an (equivalent of) a service running on an
origin server, _not_ a proxy (hence --user rather than --proxy-user).


If you cannot figure it out despite carefully going through the above
steps, share (privately if needed) a pointer to compressed ALL,9
cache.log while reproducing the problem with throw-away credentials on
an idle Squid with a single curl request. Mention which step you got
stuck on.


HTH,

Alex.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users



_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users



--
   Francesco
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
https://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux