[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined
Amos Jeffries
squid3 at treenet.co.nz
Thu Jul 11 20:16:46 UTC 2024
Lets see ...
>>> On Jul 11, 2024, at 11:02, Jonathan Lee wrote:
>>> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted
>>> mgr:info
>>>
>>> Request:
>>> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
>>> Host: 127.0.0.1:3128
>>> User-Agent: squidclient/6.6
>>> Accept: */*
>>> Authorization: Basic YWRtaW4..REDACTED..Q==
>>> Connection: close
On 12/07/24 06:12, Jonathan Lee wrote:
> http_access allow CONNECT wuCONNECT localnet
> http_access allow CONNECT wuCONNECT localhost
... GET is not CONNECT. Skip the above.
> http_access allow windowsupdate localnet
> http_access allow windowsupdate localhost
... 127.0.0.1 is not in *.microsoft.com. Skip the above.
> http_access allow HttpAccess localnet
> http_access allow HttpAccess localhost
... 127.0.0.1 is not listed in /usr/local/pkg/http.access. Skip the above.
> http_access deny manager
... /squid-internal-mgr/ matches. DENY the request.
Problem solved.
What you should do is restore the default security settings which we
ship with Squid.
Place these above your custom http_access lines:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
see <https://wiki.squid-cache.org/Releases/Squid-5> for the ACL details
if you need them too.
Amos
More information about the squid-users
mailing list