[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined
Amos Jeffries
squid3 at treenet.co.nz
Thu Jul 11 21:49:35 UTC 2024
Oh, I see the problem:
http_port 127.0.0.1:3128 intercept ...
(which also means you lack a firewall rule preventing external
software like squidclient from sending traffic directly to your
intercept port.)
Please **do not** use port 3128 to receive intercepted traffic.
I recommend changing your main port to this:
http_port 3128 ssl-bump ....
and receiving the intercepted traffic on:
http_port 3129 intercept ssl-bump ...
and check your firewall has all the rules listed at
<https://wiki.squid-cache.org/ConfigExamples/Intercept/LinuxRedirect>.
One to note in particular is the "mangle" table rule.
Cheers
Amos
More information about the squid-users
mailing list