[squid-users] squidclient ERR_ACCESS_DENIED
Alex Rousskov
rousskov at measurement-factory.com
Tue Feb 27 17:02:54 UTC 2024
On 2024-02-27 10:36, Andrea Venturoli wrote:
> I'm having trouble accessing cachemgr with squidclient.
You are suffering from one or several known problems[1,2] related to
cache manager changes in v6+ code. Without going into complicated
details, I recommend that you replace deprecated squidclient with curl,
wget, or another popular client of your choice _and_ then use the URL
host name (or IP address) and other client configuration parameters that
"work" in your specific Squid environment. You may need to adjust them
later, but at least you will have a temporary workaround.
AFAIK[1], a Squid developer is working on improving this ugly situation,
but that work takes time (and will not resurrect squidclient support in
future Squid versions).
HTH,
Alex.
[1] https://bugs.squid-cache.org/show_bug.cgi?id=5283
[2]
https://lists.squid-cache.org/pipermail/squid-users/2023-August/026023.html
> As a test, I've added the following to my squid.conf as the first
> http_access line:
>> http_access manager
>
> (I know this is dangerous and I've removed it after the test).
>
>
> Opening "http://10.1.2.39:8080/squid-internal-mgr/info" from a client, I
> see all the stats.
> However, squidclient still gets an access denied error:
>> # squidclient -vv -p 8080 -h 10.1.2.39 mgr:info
>> verbosity level set to 2
>> Request:
>> GET http://10.1.2.39:8080/squid-internal-mgr/info HTTP/1.0
>> Host: 10.1.2.39:8080
>> User-Agent: squidclient/6.6
>> Accept: */*
>> Connection: close
>>
>>
>> .
>> Transport detected: IPv4-only
>> Resolving 10.1.2.39 ...
>> Connecting... 10.1.2.39 (10.1.2.39:8080)
>> Connected to: 10.1.2.39 (10.1.2.39:8080)
>> Sending HTTP request ... done.
>> HTTP/1.1 403 Forbidden
>> Server: squid
>> Mime-Version: 1.0
>> Date: Tue, 27 Feb 2024 15:33:55 GMT
>> Content-Type: text/html;charset=utf-8
>> Content-Length: 3691
>> X-Squid-Error: ERR_ACCESS_DENIED 0
>> Vary: Accept-Language
>> Content-Language: en
>> Cache-Status: proxy2.ventu;fwd=miss;detail=mismatch
>> Via: 1.1 proxy2.ventu (squid), 1.1 proxy2.ventu (squid)
>> Cache-Status: proxy2.ventu;fwd=miss;detail=no-cache
>> Connection: close
>
> This happens indifferently if I run it on the cache host itself or from
> the same client where the browser works.
>
> In cache.log I see:
>> 2024/02/27 16:34:48 kid1| WARNING: Forwarding loop detected for:
>> GET /squid-internal-mgr/info HTTP/1.1
>> Host: proxy2.ventu:8080
>> User-Agent: squidclient/6.6
>> Accept: */*
>> Via: 1.0 proxy2.ventu (squid)
>> X-Forwarded-For: 10.1.2.18
>> Cache-Control: max-age=259200
>> Connection: keep-alive
>>
>>
>> current master transaction: master2562
>
> Does this mean Squid is connecting to itself as a proxy in order to
> connect to himself?
> I removed all "*proxy*" env vars and tried running squidclient again,
> but there was no difference.
>
> Any hint?
> Is there a way to get more debugging info from Squid on this?
>
> bye & Thanks
> av.
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users
More information about the squid-users
mailing list