Shows a miss 403 in the cache logs for it
| | | - | - | 26.07.2024 10:57:01 | 192.168.1.5 | NONE_NONE_ABORTED/200 | dc1.ksn.kaspersky-labs.com:443 | - | - | 26.07.2024 10:56:48 | 127.0.0.1 | TCP_MISS/403 | http://localhost:3128/squid-internal-mgr/menu | - | 127.0.0.1 | 26.07.2024 10:56:48 | 127.0.0.1 | TCP_MISS/403 | http://localhost:3128/squid-internal-mgr/menu | - | - | 26.07.2024 10:56:45 | 192.168.1.5 | NONE_NONE/200 | gdmf.apple.com:443 | - | - | 26.07.2024 10:56:44 | 192.168.1.5 | TCP_TUNNEL/200 | configuration.apple.com:443 | - | 104.107.104.29 | 26.07.2024 10:56:16 | 192.168.1.5 | TCP_REDIRECT/301 | token.safebrowsing.apple:443 |
On Jul 24, 2024, at 14:29, Francesco Chemolli <gkinkie@xxxxxxxxx> wrote:
Hi Jonathan, could you try: curl -u anything:redacted http://localhost:3128/squid-internal-mgr/menu ? On Mon, Jul 22, 2024 at 8:52 PM Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote: Also I have tested
curl 127.0.0.1:3128/squid-internal-mgr -u :redacted curl localhost:3128/squid-internal-mgr -u :redacted curl hostname_here:3128/squid-internal-mgr -u :redacted (per bug notes use hostname in place of localhost)
and testing with no password same commands lock up the system with no response and if I do them outside of the host with a web browser I get the errors below seen they are new..
HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
On Jul 22, 2024, at 09:01, Jonathan Lee <jonathanlee571@xxxxxxxxx> wrote:
Thanks for the info
I tried it and this also failed. Dang
Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
% Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 3773 100 3773 0 0 90756 0 --:--:-- --:--:-- --:--:-- 94325 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html><head> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <title>ERROR: The requested URL could not be retrieved</title> <style type="text/css"><!-- /* * Copyright (C) 1996-2023 The Squid Software Foundation and contributors * * Squid software is distributed under GPLv2+ license and includes * contributions from numerous individuals and organizations. * Please see the COPYING and CONTRIBUTORS files for details. */
/* Stylesheet for Squid Error pages Adapted from design by Free CSS Templates http://www.freecsstemplates.org Released for free under a Creative Commons Attribution 2.5 License */
However I get a new error when attempting to connect over a web browser
ERROR
The requested URL could not be retrieved
________________________________
Invalid Request error was encountered while trying to process the request:
GET /squid-internal-mgr HTTP/1.1 Host: lee_family.home.arpa:3128 Upgrade-Insecure-Requests: 1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15 Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate Connection: keep-alive DNT: 1
Some possible problems are:
Request is too large.
Content-Length missing for POST or PUT requests.
Illegal character in hostname; underscores are not allowed.
HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
Your cache administrator is
On Jul 22, 2024, at 04:42, Andrey K <ankor2023@xxxxxxxxx> wrote:
Hello, Jonathan,
curl http://localhost:3128/squid-internal-mgr/info
Where would I place the password?
I use the following configuration: http_access allow localhost manager cachemgr_passwd redacted config
The command to read the current running config is: curl localhost:3128/squid-internal-mgr/config -u :redacted
Kind regards, Ankor.
чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov@xxxxxxxxxxxxxxxxxxxxxxx>:
On 2024-07-18 00:55, Jonathan Lee wrote:
curl http://localhost:3128/squid-internal-mgr/info
Where would I place the password?
See "man curl" or online manual pages for curl. They will point you to two relevant options: --user and --proxy-user. AFAICT, your particular cache manager requests are sent _to_ the proxy (as if it were an origin server) rather than _through_ the proxy. Thus, you should use --user.
As I keep saying on this thread, due to Squid complications related to Bug 5283, specifying seemingly correct client parameters may not be enough to convince Squid to accept the cache manager request. I recommend the following procedure:
1. List the corresponding http_port directive first, before any other http_port, https_port, and ftp_port directives. Do not use interception of any kind for this cache manager port.
2. Use curl with absolute squid-internal-mgr URLs with http scheme (like you show above). Do _not_ use "curl --proxy" or similar. Do not use https scheme.
3. In that absolute mgr URL, use the host name that matches visible_hostname in squid.conf. If you do not have visible_hostname in squid.conf, add it. This is not required, but, due to Squid bugs, it is often much easier to get this to work with visible_hostname than without it.
4. Make (passwordless) mgr:info use case working first, before trying to get password-protected pages working.
5. When you do specify a username and a password, remember that you are sending this request to an (equivalent of) a service running on an origin server, _not_ a proxy (hence --user rather than --proxy-user).
If you cannot figure it out despite carefully going through the above steps, share (privately if needed) a pointer to compressed ALL,9 cache.log while reproducing the problem with throw-away credentials on an idle Squid with a single curl request. Mention which step you got stuck on.
HTH,
Alex.
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
-- Francesco _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx https://lists.squid-cache.org/listinfo/squid-users
|