[squid-users] cachemgr.cgi on embedded system

Amos Jeffries squid3 at treenet.co.nz
Mon Aug 1 12:05:18 UTC 2016


On 27/07/2016 2:25 a.m., reinerotto wrote:
> No progress. 
> I rebuilt squid (3.5.20), incl. basic-auth, but still get
> 
> The following error was encountered while trying to retrieve the URL:
> http://my_local_domain.lan:3128/squid-internal-mgr/info
> Access Denied.
> 
> although I have in squid.conf (just for testing):
> 
> ...
> http_access deny connect !ssl_ports
> http_access allow all manager
> cachemgr_passwd my_passwd all
> ...
> 
> This should allow everybody to use the cachemgr, correct ?

Provided there are no http_access rules above that snippet of config
that are denying access. It should let anyone using the password
represented there by "my_passwd" to see the proxy manager reports.



> 
> When running the cachemgr.cgi, the page to enter the password shows up, but
> then also "Access denied".
> 
> One more speciality of my environment:
> The client, running
> "http://my_local_domain.lan:3128/squid-internal-mgr/info" 
> sits on the other side of a captive portal (opposite side of squid). Captive
> portal has its _private_ IP-Pool. 
> 
> So, the IP trying to access squid, does _not_ show up when running simple
> "arp" command on the squid-machine. squid and captive portal run on same
> box.
> In case there is some hidden access control within squid, based on the IP of
> the client, this_might_ fail.

There is nothing implicit like that. Though you could have an explicitly
configured one somehow.


> 
> Any hint, which debug options to set in squid.conf, for more detailed info ?
> 

Adding this to your squid.conf will show the manager, access control,
and authentication activity.
 debug_options ALL,1 16,4 28,4 29,4

Amos



More information about the squid-users mailing list