[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

[Alex Rousskov]

On 2024-07-18 00:55, Jonathan Lee wrote:

> curl http://localhost:3128/squid-internal-mgr/info 
> 
> Where would I place the password?

See "man curl" or online manual pages for curl. They will point you to 
two relevant options: --user and --proxy-user. AFAICT, your particular 
cache manager requests are sent _to_ the proxy (as if it were an origin 
server) rather than _through_ the proxy. Thus, you should use --user.

As I keep saying on this thread, due to Squid complications related to 
Bug 5283, specifying seemingly correct client parameters may not be 
enough to convince Squid to accept the cache manager request. I 
recommend the following procedure:

1. List the corresponding http_port directive first, before any other 
http_port, https_port, and ftp_port directives. Do not use interception 
of any kind for this cache manager port.

2. Use curl with absolute squid-internal-mgr URLs with http scheme (like 
you show above). Do _not_ use "curl --proxy" or similar. Do not use 
https scheme.

3. In that absolute mgr URL, use the host name that matches 
visible_hostname in squid.conf. If you do not have visible_hostname in 
squid.conf, add it. This is not required, but, due to Squid bugs, it is 
often much easier to get this to work with visible_hostname than without it.

4. Make (passwordless) mgr:info use case working first, before trying to 
get password-protected pages working.

5. When you do specify a username and a password, remember that you are 
sending this request to an (equivalent of) a service running on an 
origin server, _not_ a proxy (hence --user rather than --proxy-user).


If you cannot figure it out despite carefully going through the above 
steps, share (privately if needed) a pointer to compressed ALL,9 
cache.log while reproducing the problem with throw-away credentials on 
an idle Squid with a single curl request. Mention which step you got 
stuck on.


HTH,

Alex.