[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

Jonathan Lee jonathanlee571 at gmail.com
Thu Jul 18 04:12:55 UTC 2024 

Same result 


Shell Output - squidclient -v -h 127.0.0.1 -p 3128 -U cachemgr -W REDACTED mgr:info
Request:
GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0
Host: 127.0.0.1:3128
User-Agent: squidclient/6.6
Accept: */*
Authorization: Basic redacted==
Connection: close


.
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Thu, 18 Jul 2024 04:09:35 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 3792
X-Squid-Error: ERR_ACCESS_DENIED 0
Vary: Accept-Language
Content-Language: en
Cache-Status: Lee_Family.home.arpa
Cache-Status: Lee_Family.home.arpa;detail=no-cache
Connection: close
I also tested this 

squidclient -l 127.0.0.1 -h localhost mgr:info

Per pfSense Netgate community this seemed to work for users that do not use a password directive 

cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd REDACTED_PASSWORD_HERE all

Any other recommendations to try to get the password to work?

> On Jul 17, 2024, at 21:08, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
> 
> 2024/07/17 21:07:37| Processing Configuration File: /usr/local/etc/squid/squid.conf (depth 0)
> 2024/07/17 21:07:37| Processing: http_port 192.168.1.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
> 2024/07/17 21:07:37| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
> 2024/07/17 21:07:37| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
>     OpenSSL-saved error #1: 0x1e08010c
> 2024/07/17 21:07:37| ERROR: Unsupported TLS option SINGLE_DH_USE
> 2024/07/17 21:07:37| ERROR: Unsupported TLS option SINGLE_ECDH_USE
> 2024/07/17 21:07:37| Processing: http_port 3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
> 2024/07/17 21:07:37| Starting Authentication on port [::]:3128
> 2024/07/17 21:07:37| Disabling Authentication on port [::]:3128 (interception enabled)
> 2024/07/17 21:07:37| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in http_port. Use 'tls-cafile=' instead.
> 2024/07/17 21:07:37| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
>     OpenSSL-saved error #1: 0x1e08010c
> 2024/07/17 21:07:37| ERROR: Unsupported TLS option SINGLE_DH_USE
> 2024/07/17 21:07:37| ERROR: Unsupported TLS option SINGLE_ECDH_USE
> 2024/07/17 21:07:37| Processing: https_port 3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=20MB cert=/usr/local/etc/squid/serverkey.pem cafile=/usr/local/share/certs/ca-root-nss.crt capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS tls-dh=prime256v1:/etc/dh-parameters.2048 options=NO_SSLv3,SINGLE_DH_USE,SINGLE_ECDH_USE
> 2024/07/17 21:07:37| Starting Authentication on port [::]:3129
> 2024/07/17 21:07:37| Disabling Authentication on port [::]:3129 (interception enabled)
> 2024/07/17 21:07:37| WARNING: UPGRADE: 'cafile=/usr/local/share/certs/ca-root-nss.crt' is deprecated in https_port. Use 'tls-cafile=' instead.
> 2024/07/17 21:07:37| WARNING: Failed to decode EC parameters '/etc/dh-parameters.2048'
>     OpenSSL-saved error #1: 0x1e08010c
> 2024/07/17 21:07:37| ERROR: Unsupported TLS option SINGLE_DH_USE
> 2024/07/17 21:07:37| ERROR: Unsupported TLS option SINGLE_ECDH_USE
> 
> I removed the : and it processed 
> 
> 
>> On Jul 12, 2024, at 09:52, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>> 
>> On 13/07/24 04:16, Jonathan Lee wrote:
>>> tested with removal of IP and port failed If I leave port I get this
>>> 2024/07/12 09:15:17| Processing: http_port :3128 intercept
>> 
>> No  ":" before thr port number.
>> 
>> 
>> Amos
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240717/ca19dac7/attachment-0001.htm>

More information about the squid-users mailing list