[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined
Jonathan Lee
jonathanlee571 at gmail.com
Mon Jul 22 16:13:06 UTC 2024
Also I have tested
curl 127.0.0.1:3128/squid-internal-mgr -u :redacted
curl localhost:3128/squid-internal-mgr -u :redacted
curl hostname_here:3128/squid-internal-mgr -u :redacted (per bug notes use hostname in place of localhost)
and testing with no password same commands lock up the system with no response and if I do them outside of the host with a web browser I get the errors below seen they are new..
> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>
> On Jul 22, 2024, at 09:01, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>
> Thanks for the info
>
> I tried it and this also failed. Dang
>
> Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
> % Total % Received % Xferd Average Speed Time Time Time Current
> Dload Upload Total Spent Left Speed
>
> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
> 100 3773 100 3773 0 0 90756 0 --:--:-- --:--:-- --:--:-- 94325
> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
> <html><head>
> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
> <title>ERROR: The requested URL could not be retrieved</title>
> <style type="text/css"><!--
> /*
> * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
> *
> * Squid software is distributed under GPLv2+ license and includes
> * contributions from numerous individuals and organizations.
> * Please see the COPYING and CONTRIBUTORS files for details.
> */
>
> /*
> Stylesheet for Squid Error pages
> Adapted from design by Free CSS Templates
> http://www.freecsstemplates.org
> Released for free under a Creative Commons Attribution 2.5 License
> */
> However I get a new error when attempting to connect over a web browser
>
> ERROR
>
> The requested URL could not be retrieved
>
> Invalid Request error was encountered while trying to process the request:
>
> GET /squid-internal-mgr HTTP/1.1
> Host: lee_family.home.arpa:3128
> Upgrade-Insecure-Requests: 1
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
> Accept-Language: en-US,en;q=0.9
> Accept-Encoding: gzip, deflate
> Connection: keep-alive
> DNT: 1
> Some possible problems are:
>
> Request is too large.
>
> Content-Length missing for POST or PUT requests.
>
> Illegal character in hostname; underscores are not allowed.
>
> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>
> Your cache administrator is
>
>
>
>> On Jul 22, 2024, at 04:42, Andrey K <ankor2023 at gmail.com> wrote:
>>
>> Hello, Jonathan,
>>
>> > curl http://localhost:3128/squid-internal-mgr/info
>>
>> > Where would I place the password?
>>
>> I use the following configuration:
>> http_access allow localhost manager
>> cachemgr_passwd redacted config
>>
>> The command to read the current running config is:
>> curl localhost:3128/squid-internal-mgr/config -u :redacted
>>
>>
>> Kind regards,
>> Ankor.
>>
>>
>>
>>
>> чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov at measurement-factory.com <mailto:rousskov at measurement-factory.com>>:
>>> On 2024-07-18 00:55, Jonathan Lee wrote:
>>>
>>> > curl http://localhost:3128/squid-internal-mgr/info
>>> >
>>> > Where would I place the password?
>>>
>>> See "man curl" or online manual pages for curl. They will point you to
>>> two relevant options: --user and --proxy-user. AFAICT, your particular
>>> cache manager requests are sent _to_ the proxy (as if it were an origin
>>> server) rather than _through_ the proxy. Thus, you should use --user.
>>>
>>> As I keep saying on this thread, due to Squid complications related to
>>> Bug 5283, specifying seemingly correct client parameters may not be
>>> enough to convince Squid to accept the cache manager request. I
>>> recommend the following procedure:
>>>
>>> 1. List the corresponding http_port directive first, before any other
>>> http_port, https_port, and ftp_port directives. Do not use interception
>>> of any kind for this cache manager port.
>>>
>>> 2. Use curl with absolute squid-internal-mgr URLs with http scheme (like
>>> you show above). Do _not_ use "curl --proxy" or similar. Do not use
>>> https scheme.
>>>
>>> 3. In that absolute mgr URL, use the host name that matches
>>> visible_hostname in squid.conf. If you do not have visible_hostname in
>>> squid.conf, add it. This is not required, but, due to Squid bugs, it is
>>> often much easier to get this to work with visible_hostname than without it.
>>>
>>> 4. Make (passwordless) mgr:info use case working first, before trying to
>>> get password-protected pages working.
>>>
>>> 5. When you do specify a username and a password, remember that you are
>>> sending this request to an (equivalent of) a service running on an
>>> origin server, _not_ a proxy (hence --user rather than --proxy-user).
>>>
>>>
>>> If you cannot figure it out despite carefully going through the above
>>> steps, share (privately if needed) a pointer to compressed ALL,9
>>> cache.log while reproducing the problem with throw-away credentials on
>>> an idle Squid with a single curl request. Mention which step you got
>>> stuck on.
>>>
>>>
>>> HTH,
>>>
>>> Alex.
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
>>> https://lists.squid-cache.org/listinfo/squid-users
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240722/96dce772/attachment-0001.htm>
More information about the squid-users
mailing list