[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

Jonathan Lee jonathanlee571 at gmail.com
Thu Aug 1 20:14:28 UTC 2024


The directive
cachemgr_passwd
does not allow the ability to add a username right?



> On Aug 1, 2024, at 12:30, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
> 
>           client << " requesting '" <<
>            actionName << "'" );
> 
>     // special case: /squid-internal-mgr/ index page
>     // special case: an index page
>     if (!strcmp(cmd->profile->name, "index")) {
>         ErrorState err(MGR_INDEX, Http::scOkay, request, ale);
>         err.url = xstrdup(entry->url());
> 
> it shows squid-internal-mgr was removed and replaced with “an"….
> 
>> On Jul 24, 2024, at 14:29, Francesco Chemolli <gkinkie at gmail.com> wrote:
>> 
>> Hi Jonathan,
>>  could you try:
>> curl -u anything:redacted http://localhost:3128/squid-internal-mgr/menu
>> 
>> ?
>> 
>> On Mon, Jul 22, 2024 at 8:52 PM Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>> 
>>> Also I have tested
>>> 
>>> curl 127.0.0.1:3128/squid-internal-mgr -u :redacted
>>> curl localhost:3128/squid-internal-mgr -u :redacted
>>> curl hostname_here:3128/squid-internal-mgr -u :redacted (per bug notes use hostname in place of localhost)
>>> 
>>> and testing with no password same commands lock up the system with no response and if I do them outside of the host with a web browser I get the errors below seen they are new..
>>> 
>>> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>>> 
>>> 
>>> 
>>> 
>>> 
>>> On Jul 22, 2024, at 09:01, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>> 
>>> Thanks for the info
>>> 
>>> I tried it and this also failed. Dang
>>> 
>>> Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
>>> 
>>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>>                                 Dload  Upload   Total   Spent    Left  Speed
>>> 
>>>  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>>> 100  3773  100  3773    0     0  90756      0 --:--:-- --:--:-- --:--:-- 94325
>>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
>>> <html><head>
>>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
>>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
>>> <title>ERROR: The requested URL could not be retrieved</title>
>>> <style type="text/css"><!--
>>> /*
>>> * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
>>> *
>>> * Squid software is distributed under GPLv2+ license and includes
>>> * contributions from numerous individuals and organizations.
>>> * Please see the COPYING and CONTRIBUTORS files for details.
>>> */
>>> 
>>> /*
>>> Stylesheet for Squid Error pages
>>> Adapted from design by Free CSS Templates
>>> http://www.freecsstemplates.org
>>> Released for free under a Creative Commons Attribution 2.5 License
>>> */
>>> 
>>> However I get a new error when attempting to connect over a web browser
>>> 
>>> ERROR
>>> 
>>> The requested URL could not be retrieved
>>> 
>>> ________________________________
>>> 
>>> Invalid Request error was encountered while trying to process the request:
>>> 
>>> GET /squid-internal-mgr HTTP/1.1
>>> Host: lee_family.home.arpa:3128
>>> Upgrade-Insecure-Requests: 1
>>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
>>> Accept-Language: en-US,en;q=0.9
>>> Accept-Encoding: gzip, deflate
>>> Connection: keep-alive
>>> DNT: 1
>>> 
>>> Some possible problems are:
>>> 
>>> Request is too large.
>>> 
>>> Content-Length missing for POST or PUT requests.
>>> 
>>> Illegal character in hostname; underscores are not allowed.
>>> 
>>> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>>> 
>>> Your cache administrator is
>>> 
>>> 
>>> 
>>> On Jul 22, 2024, at 04:42, Andrey K <ankor2023 at gmail.com> wrote:
>>> 
>>> Hello, Jonathan,
>>> 
>>>> curl http://localhost:3128/squid-internal-mgr/info
>>> 
>>>> Where would I place the password?
>>> 
>>> I use the following configuration:
>>> http_access allow localhost  manager
>>> cachemgr_passwd redacted config
>>> 
>>> The command to read the current running config is:
>>> curl localhost:3128/squid-internal-mgr/config -u :redacted
>>> 
>>> 
>>> Kind regards,
>>>      Ankor.
>>> 
>>> 
>>> 
>>> 
>>> чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov at measurement-factory.com>:
>>>> 
>>>> On 2024-07-18 00:55, Jonathan Lee wrote:
>>>> 
>>>>> curl http://localhost:3128/squid-internal-mgr/info
>>>>> 
>>>>> Where would I place the password?
>>>> 
>>>> See "man curl" or online manual pages for curl. They will point you to
>>>> two relevant options: --user and --proxy-user. AFAICT, your particular
>>>> cache manager requests are sent _to_ the proxy (as if it were an origin
>>>> server) rather than _through_ the proxy. Thus, you should use --user.
>>>> 
>>>> As I keep saying on this thread, due to Squid complications related to
>>>> Bug 5283, specifying seemingly correct client parameters may not be
>>>> enough to convince Squid to accept the cache manager request. I
>>>> recommend the following procedure:
>>>> 
>>>> 1. List the corresponding http_port directive first, before any other
>>>> http_port, https_port, and ftp_port directives. Do not use interception
>>>> of any kind for this cache manager port.
>>>> 
>>>> 2. Use curl with absolute squid-internal-mgr URLs with http scheme (like
>>>> you show above). Do _not_ use "curl --proxy" or similar. Do not use
>>>> https scheme.
>>>> 
>>>> 3. In that absolute mgr URL, use the host name that matches
>>>> visible_hostname in squid.conf. If you do not have visible_hostname in
>>>> squid.conf, add it. This is not required, but, due to Squid bugs, it is
>>>> often much easier to get this to work with visible_hostname than without it.
>>>> 
>>>> 4. Make (passwordless) mgr:info use case working first, before trying to
>>>> get password-protected pages working.
>>>> 
>>>> 5. When you do specify a username and a password, remember that you are
>>>> sending this request to an (equivalent of) a service running on an
>>>> origin server, _not_ a proxy (hence --user rather than --proxy-user).
>>>> 
>>>> 
>>>> If you cannot figure it out despite carefully going through the above
>>>> steps, share (privately if needed) a pointer to compressed ALL,9
>>>> cache.log while reproducing the problem with throw-away credentials on
>>>> an idle Squid with a single curl request. Mention which step you got
>>>> stuck on.
>>>> 
>>>> 
>>>> HTH,
>>>> 
>>>> Alex.
>>>> 
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> https://lists.squid-cache.org/listinfo/squid-users
>>> 
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> https://lists.squid-cache.org/listinfo/squid-users
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> https://lists.squid-cache.org/listinfo/squid-users
>> 
>> 
>> 
>> -- 
>>    Francesco
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240801/9b5478b6/attachment-0001.htm>


More information about the squid-users mailing list