[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

Jonathan Lee jonathanlee571 at gmail.com
Mon Jul 22 16:01:27 UTC 2024 

Thanks for the info

I tried it and this also failed. Dang

Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  3773  100  3773    0     0  90756      0 --:--:-- --:--:-- --:--:-- 94325
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/
However I get a new error when attempting to connect over a web browser 

ERROR

The requested URL could not be retrieved

Invalid Request error was encountered while trying to process the request:

GET /squid-internal-mgr HTTP/1.1
Host: lee_family.home.arpa:3128
Upgrade-Insecure-Requests: 1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
Accept-Language: en-US,en;q=0.9
Accept-Encoding: gzip, deflate
Connection: keep-alive
DNT: 1
Some possible problems are:

Request is too large.

Content-Length missing for POST or PUT requests.

Illegal character in hostname; underscores are not allowed.

HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.

Your cache administrator is 



> On Jul 22, 2024, at 04:42, Andrey K <ankor2023 at gmail.com> wrote:
> 
> Hello, Jonathan,
> 
> > curl http://localhost:3128/squid-internal-mgr/info 
> 
> > Where would I place the password?
> 
> I use the following configuration:
> http_access allow localhost  manager
> cachemgr_passwd redacted config
> 
> The command to read the current running config is:
> curl localhost:3128/squid-internal-mgr/config -u :redacted
> 
> 
> Kind regards,
>       Ankor.
> 
> 
> 
> 
> чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov at measurement-factory.com <mailto:rousskov at measurement-factory.com>>:
>> On 2024-07-18 00:55, Jonathan Lee wrote:
>> 
>> > curl http://localhost:3128/squid-internal-mgr/info 
>> > 
>> > Where would I place the password?
>> 
>> See "man curl" or online manual pages for curl. They will point you to 
>> two relevant options: --user and --proxy-user. AFAICT, your particular 
>> cache manager requests are sent _to_ the proxy (as if it were an origin 
>> server) rather than _through_ the proxy. Thus, you should use --user.
>> 
>> As I keep saying on this thread, due to Squid complications related to 
>> Bug 5283, specifying seemingly correct client parameters may not be 
>> enough to convince Squid to accept the cache manager request. I 
>> recommend the following procedure:
>> 
>> 1. List the corresponding http_port directive first, before any other 
>> http_port, https_port, and ftp_port directives. Do not use interception 
>> of any kind for this cache manager port.
>> 
>> 2. Use curl with absolute squid-internal-mgr URLs with http scheme (like 
>> you show above). Do _not_ use "curl --proxy" or similar. Do not use 
>> https scheme.
>> 
>> 3. In that absolute mgr URL, use the host name that matches 
>> visible_hostname in squid.conf. If you do not have visible_hostname in 
>> squid.conf, add it. This is not required, but, due to Squid bugs, it is 
>> often much easier to get this to work with visible_hostname than without it.
>> 
>> 4. Make (passwordless) mgr:info use case working first, before trying to 
>> get password-protected pages working.
>> 
>> 5. When you do specify a username and a password, remember that you are 
>> sending this request to an (equivalent of) a service running on an 
>> origin server, _not_ a proxy (hence --user rather than --proxy-user).
>> 
>> 
>> If you cannot figure it out despite carefully going through the above 
>> steps, share (privately if needed) a pointer to compressed ALL,9 
>> cache.log while reproducing the problem with throw-away credentials on 
>> an idle Squid with a single curl request. Mention which step you got 
>> stuck on.
>> 
>> 
>> HTH,
>> 
>> Alex.
>> 
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
>> https://lists.squid-cache.org/listinfo/squid-users
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240722/4ca4b643/attachment.htm>

More information about the squid-users mailing list