[squid-users] cachemgr.cgi on embedded system
Amos Jeffries
squid3 at treenet.co.nz
Mon Aug 1 12:05:18 UTC 2016
On 27/07/2016 2:25 a.m., reinerotto wrote:
> No progress.
> I rebuilt squid (3.5.20), incl. basic-auth, but still get
>
> The following error was encountered while trying to retrieve the URL:
> http://my_local_domain.lan:3128/squid-internal-mgr/info
> Access Denied.
>
> although I have in squid.conf (just for testing):
>
> ...
> http_access deny connect !ssl_ports
> http_access allow all manager
> cachemgr_passwd my_passwd all
> ...
>
> This should allow everybody to use the cachemgr, correct ?
Provided there are no http_access rules above that snippet of config
that are denying access. It should let anyone using the password
represented there by "my_passwd" to see the proxy manager reports.
>
> When running the cachemgr.cgi, the page to enter the password shows up, but
> then also "Access denied".
>
> One more speciality of my environment:
> The client, running
> "http://my_local_domain.lan:3128/squid-internal-mgr/info"
> sits on the other side of a captive portal (opposite side of squid). Captive
> portal has its _private_ IP-Pool.
>
> So, the IP trying to access squid, does _not_ show up when running simple
> "arp" command on the squid-machine. squid and captive portal run on same
> box.
> In case there is some hidden access control within squid, based on the IP of
> the client, this_might_ fail.
There is nothing implicit like that. Though you could have an explicitly
configured one somehow.
>
> Any hint, which debug options to set in squid.conf, for more detailed info ?
>
Adding this to your squid.conf will show the manager, access control,
and authentication activity.
debug_options ALL,1 16,4 28,4 29,4
Amos
More information about the squid-users
mailing list