[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

Jonathan Lee jonathanlee571 at gmail.com
Thu Jul 11 18:08:29 UTC 2024 

I use http access acl set as followed 

acl getmethod method GET
acl to_ipv6 dst ipv6
acl from_ipv6 src ipv6
acl HttpAccess dstdomain "/usr/local/pkg/http.access”


/usr/local/pkg/http.access
contains:
office.com
data.microsoft.com
windowsupdate.com
dc1-st.ksn.kaspersky-labs.com
dc1-file.ksn.kaspersky-labs.com
dc1.ksn.kaspersky-labs.com
gsa.apple.com
apps.apple.com
certs.apple.com
crl.apple.com
entrust.net
digicert.com
ocsp.apple.com
ocsp2.apple.com
valid.apple.com
push.apple.com
itunes.apple.com
appldnld.apple.com
gg.apple.com
gs.apple.com
mesu.apple.com
oscdn.apple.com
osrecovery.apple.com
swcdn.apple.com
swdownload.apple.com
updates-http.cdn-apple.com
appldnld.apple.com.edgesuite.net
suconfig.apple.com
audiocontentdownload.apple.com
devimages-cdn.apple.com
download.developer.apple.com
sylvan.apple.com
static.ips.apple.com


http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
http_access allow HttpAccess localnet
http_access allow HttpAccess localhost
http_access deny manager
http_access deny to_ipv6
http_access deny from_ipv6 

> On Jul 11, 2024, at 11:02, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
> 
> also 
> 
> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted mgr:info
> Request:
> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
> Host: 127.0.0.1:3128
> User-Agent: squidclient/6.6
> Accept: */*
> Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
> Connection: close
> 
> 
> .
> HTTP/1.1 403 Forbidden
> Server: squid
> Mime-Version: 1.0
> Date: Thu, 11 Jul 2024 18:01:46 GMT
> Content-Type: text/html;charset=utf-8
> Content-Length: 3788
> X-Squid-Error: ERR_ACCESS_DENIED 0
> Vary: Accept-Language
> Content-Language: en
> Cache-Status: Lee_Family.home.arpa
> Cache-Status: Lee_Family.home.arpa;detail=no-cache
> Connection: close
> 
>> On Jul 11, 2024, at 10:57, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>> 
>> Shell Output - squidclient -v -U admin -W REDACTED mgr:info
>> Request:
>> GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
>> Host: localhost:3128
>> User-Agent: squidclient/6.6
>> Accept: */*
>> Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
>> Connection: close
>> 
>> 
>> .
>> HTTP/1.1 403 Forbidden
>> Server: squid
>> Mime-Version: 1.0
>> Date: Thu, 11 Jul 2024 17:55:05 GMT
>> Content-Type: text/html;charset=utf-8
>> Content-Length: 3788
>> X-Squid-Error: ERR_ACCESS_DENIED 0
>> Vary: Accept-Language
>> Content-Language: en
>> Cache-Status: Lee_Family.home.arpa
>> Cache-Status: Lee_Family.home.arpa;detail=no-cache
>> Connection: close
>> 
>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
>> <html><head>
>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
>> <title>ERROR: The requested URL could not be retrieved</title>
>> <style type="text/css"><!--
>>  /*
>>  * Copyright (C) 1996-2023 The Squid Software Foundation and contributor
>> 
>> Shell Output - squidclient -v -U admin -W REDACTED /squid-internal-mgr/info
>> Request:
>> GET /squid-internal-mgr/info HTTP/1.0
>> User-Agent: squidclient/6.6
>> Accept: */*
>> Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ==
>> Connection: close
>> 
>> 
>> .
>> HTTP/1.1 403 Forbidden
>> Server: squid
>> Mime-Version: 1.0
>> Date: Thu, 11 Jul 2024 17:56:48 GMT
>> Content-Type: text/html;charset=utf-8
>> Content-Length: 3788
>> X-Squid-Error: ERR_ACCESS_DENIED 0
>> Vary: Accept-Language
>> Content-Language: en
>> Cache-Status: Lee_Family.home.arpa
>> Cache-Status: Lee_Family.home.arpa;detail=no-cache
>> Connection: close
>> 
>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
>> <html><head>
>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
>> <title>ERROR: The requested URL could not be retrieved</title>
>> <style type="text/css"><!--
>>  /*
>>  * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
>> Tested both and they also failed 
>> 
>>> On Jul 11, 2024, at 10:27, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>> 
>>> Thanks what about the password is it set with@ or -p where would I place that?
>>> Sent from my iPhone
>>> 
>>>> On Jul 11, 2024, at 10:17, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>>>> 
>>>> 
>>>>> On 11/07/24 06:08, Alex Rousskov wrote:
>>>>> On 2024-07-10 12:55, Jonathan Lee wrote:
>>>>>>> Embedding a password in a cache manager command requires providing a
>>>>>>> username with -U
>>>>>> squidclient -w /squid-internal-mgr/info -u admin
>>>>>> squidclient -w /squid-internal-mgr/info at redacted -u admin
>>>>>> squidclient -w http://192.168.1.1:3128/squid-internal-mgr/info@redacted -u admin
>>>>>> squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info@redacted -u admin
>>>>>> squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info
>>>>>> squidclient http://127.0.0.1:3128/squid-internal-mgr/info
>>>>>> squidclient -h 127.0.0.1:3128/squid-internal-mgr/info
>>>>>> squidclient -h 127.0.0.1 /squid-internal-mgr/info
>>>>>> squidclient -h 127.0.0.1 /squid-internal-mgr/info at redcated
>>>>>> squidclient -w 127.0.0.1 /squid-internal-mgr/info at redacted
>>>>>> squidclient -w 127.0.0.1 /squid-internal-mgr/info at redcated -u admin
>>>>>> squidclient -h 192.168.1.1:3128  /squid-internal-mgr/info at redacted
>>>>>> squidclient -h 192.168.1.1  /squid-internal-mgr/info at redacted
>>>>>> squidclient -h 192.168.1.1  /squid-internal-mgr/info
>>>>>> 
>>>>>> with -w -u -h http spaces I can’t get it to show me stats
>>>>>> 
>>>>>> Squid 6.6
>>>>> I do not know whether this mistake is relevant, but squidclient documentation and error message imply that you should be using "-U" (capital letter U) while you are using "-u" (small letter u).
>>>> 
>>>> 
>>>> It is very relevant. As Matus already mentioned, both -U and -W.
>>>> 
>>>> 
>>>> squidclient -v -U admin -W cachemgr_password mgr:info
>>>> Request:
>>>> GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0
>>>> Host: localhost:3128
>>>> User-Agent: squidclient/6.10
>>>> Accept: */*
>>>> Authorization: Basic YWRtaW46Y2FjaGVtZ3JfcGFzc3dvcmQ=
>>>> Connection: close
>>>> 
>>>> 
>>>> squidclient -v -U admin -W cachemgr_password /squid-internal-mgr/info
>>>> Request:
>>>> GET /squid-internal-mgr/info HTTP/1.0
>>>> Host: localhost:3128
>>>> User-Agent: squidclient/6.10
>>>> Accept: */*
>>>> Authorization: Basic YWRtaW46Y2FjaGVtZ3JfcGFzc3dvcmQ=
>>>> Connection: close
>>>> 
>>>> 
>>>> Cheers
>>>> Amos
>>>> _______________________________________________
>>>> squid-users mailing list
>>>> squid-users at lists.squid-cache.org
>>>> https://lists.squid-cache.org/listinfo/squid-users
>> 
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240711/da580aa4/attachment.htm>

More information about the squid-users mailing list