[squid-users] cachemgr.cgi isn't mgr:info ?

Brian Cook bcook at poughkeepsieschools.org
Fri Jul 12 15:18:48 UTC 2024


Picking up squid again and trying to look at what's going on inside..

Squid on OpenWRT.. wanted to look at mgr:info for file desc, etc..

trying to access the cachemgr.cgi.. as this looks like the new squidclient

Wasn't working etc..

..
debug_options ALL,2
cache_log /tmp/squid_cache.log
..

----------
2024/07/12 10:57:08.388| 33,2| client_side.cc(1646) clientProcessRequest:
internal URL found: http://10.20.245.10:3128
2024/07/12 10:57:08.388| 85,2| client_side_request.cc(715)
clientAccessCheckDone: The request GET
http://10.20.245.10:3128/squid-internal-mgr/menu is DENIED; last ACL
checked: Safe_ports
# EOF
---------

Q: So I added 3128 to the Safe_ports.. and then it works..

[image: image.png]

Q: no password set for cachemgr_passwd.. cachemgr.cgi just open to the
world? unsecured?

and is Process Filedescriptor Allocation the closest thing?

I (think) I remember something like max, in use, and something else.. being
in mgr:info

fwiw openwrt starts squid with like 4096 max files..

needed something like this:

..
        procd_set_param file $CONFIGFILE
        procd_set_param limits nofile="262140 262140"
        procd_set_param respawn
..

to set the hard and soft limits..

any better practice than adding 3128 to the 'Safe_ports'? (can't keep that
in place..)

and setting a cachemgr_passwd would be the only thing to secure the cgi?

(am I missing something else?)

Thank you in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240712/8749b532/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23732 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240712/8749b532/attachment-0001.png>


More information about the squid-users mailing list