[squid-users] squidclient ERR_ACCESS_DENIED

Andrea Venturoli ml at netfence.it
Tue Feb 27 15:36:56 UTC 2024 

Hello.

I'm having trouble accessing cachemgr with squidclient.

As a test, I've added the following to my squid.conf as the first 
http_access line:
> http_access manager

(I know this is dangerous and I've removed it after the test).


Opening "http://10.1.2.39:8080/squid-internal-mgr/info" from a client, I 
see all the stats.
However, squidclient still gets an access denied error:
> # squidclient -vv -p 8080 -h 10.1.2.39 mgr:info
> verbosity level set to 2
> Request:
> GET http://10.1.2.39:8080/squid-internal-mgr/info HTTP/1.0
> Host: 10.1.2.39:8080
> User-Agent: squidclient/6.6
> Accept: */*
> Connection: close
> 
> 
> .
> Transport detected: IPv4-only
> Resolving 10.1.2.39 ...
> Connecting... 10.1.2.39 (10.1.2.39:8080)
> Connected to: 10.1.2.39 (10.1.2.39:8080)
> Sending HTTP request ... 
> done.
> HTTP/1.1 403 Forbidden
> Server: squid
> Mime-Version: 1.0
> Date: Tue, 27 Feb 2024 15:33:55 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 3691
> X-Squid-Error: ERR_ACCESS_DENIED 0
> Vary: Accept-Language
> Content-Language: en
> Cache-Status: proxy2.ventu;fwd=miss;detail=mismatch
> Via: 1.1 proxy2.ventu (squid), 1.1 proxy2.ventu (squid)
> Cache-Status: proxy2.ventu;fwd=miss;detail=no-cache
> Connection: close

This happens indifferently if I run it on the cache host itself or from 
the same client where the browser works.

In cache.log I see:
> 2024/02/27 16:34:48 kid1| WARNING: Forwarding loop detected for:
> GET /squid-internal-mgr/info HTTP/1.1
> Host: proxy2.ventu:8080
> User-Agent: squidclient/6.6
> Accept: */*
> Via: 1.0 proxy2.ventu (squid)
> X-Forwarded-For: 10.1.2.18
> Cache-Control: max-age=259200
> Connection: keep-alive
> 
> 
>     current master transaction: master2562

Does this mean Squid is connecting to itself as a proxy in order to 
connect to himself?
I removed all "*proxy*" env vars and tried running squidclient again, 
but there was no difference.

Any hint?
Is there a way to get more debugging info from Squid on this?

  bye & Thanks
	av.

More information about the squid-users mailing list