[squid-users] cachemgr.cgi isn't mgr:info ?
Brian Cook
bcook at poughkeepsieschools.org
Fri Jul 12 15:18:48 UTC 2024
Picking up squid again and trying to look at what's going on inside..
Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc..
trying to access the cachemgr.cgi.. as this looks like the new squidclient
Wasn't working etc..
..
debug_options ALL,2
cache_log /tmp/squid_cache.log
..
----------
2024/07/12 10:57:08.388| 33,2| client_side.cc(1646) clientProcessRequest:
internal URL found: http://10.20.245.10:3128
2024/07/12 10:57:08.388| 85,2| client_side_request.cc(715)
clientAccessCheckDone: The request GET
http://10.20.245.10:3128/squid-internal-mgr/menu is DENIED; last ACL
checked: Safe_ports
# EOF
---------
Q: So I added 3128 to the Safe_ports.. and then it works..
[image: image.png]
Q: no password set for cachemgr_passwd.. cachemgr.cgi just open to the
world? unsecured?
and is Process Filedescriptor Allocation the closest thing?
I (think) I remember something like max, in use, and something else.. being
in mgr:info
fwiw openwrt starts squid with like 4096 max files..
needed something like this:
..
procd_set_param file $CONFIGFILE
procd_set_param limits nofile="262140 262140"
procd_set_param respawn
..
to set the hard and soft limits..
any better practice than adding 3128 to the 'Safe_ports'? (can't keep that
in place..)
and setting a cachemgr_passwd would be the only thing to secure the cgi?
(am I missing something else?)
Thank you in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240712/8749b532/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23732 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240712/8749b532/attachment-0001.png>
More information about the squid-users
mailing list