[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

Jonathan Lee jonathanlee571 at gmail.com
Mon Jul 22 18:21:21 UTC 2024


That would require a username for the cachemgr_password account right? I have no usernames set up for this.

How does one add a username for this directive ?

> On Jul 22, 2024, at 11:13, Francesco Chemolli <gkinkie at gmail.com> wrote:
> 
> Can you try supplying a username to curl? It's also common practice to
> put flags ('-u user:redacted') before arguments (the URL)
> 
> On Mon, Jul 22, 2024 at 5:12 PM Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>> 
>> Thanks for the info
>> 
>> I tried it and this also failed. Dang
>> 
>> Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
>> 
>>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>                                 Dload  Upload   Total   Spent    Left  Speed
>> 
>>  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>> 100  3773  100  3773    0     0  90756      0 --:--:-- --:--:-- --:--:-- 94325
>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
>> <html><head>
>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
>> <title>ERROR: The requested URL could not be retrieved</title>
>> <style type="text/css"><!--
>> /*
>> * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
>> *
>> * Squid software is distributed under GPLv2+ license and includes
>> * contributions from numerous individuals and organizations.
>> * Please see the COPYING and CONTRIBUTORS files for details.
>> */
>> 
>> /*
>> Stylesheet for Squid Error pages
>> Adapted from design by Free CSS Templates
>> http://www.freecsstemplates.org
>> Released for free under a Creative Commons Attribution 2.5 License
>> */
>> 
>> However I get a new error when attempting to connect over a web browser
>> 
>> ERROR
>> 
>> The requested URL could not be retrieved
>> 
>> ________________________________
>> 
>> Invalid Request error was encountered while trying to process the request:
>> 
>> GET /squid-internal-mgr HTTP/1.1
>> Host: lee_family.home.arpa:3128
>> Upgrade-Insecure-Requests: 1
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
>> Accept-Language: en-US,en;q=0.9
>> Accept-Encoding: gzip, deflate
>> Connection: keep-alive
>> DNT: 1
>> 
>> Some possible problems are:
>> 
>> Request is too large.
>> 
>> Content-Length missing for POST or PUT requests.
>> 
>> Illegal character in hostname; underscores are not allowed.
>> 
>> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>> 
>> Your cache administrator is
>> 
>> 
>> 
>> On Jul 22, 2024, at 04:42, Andrey K <ankor2023 at gmail.com> wrote:
>> 
>> Hello, Jonathan,
>> 
>>> curl http://localhost:3128/squid-internal-mgr/info
>> 
>>> Where would I place the password?
>> 
>> I use the following configuration:
>> http_access allow localhost  manager
>> cachemgr_passwd redacted config
>> 
>> The command to read the current running config is:
>> curl localhost:3128/squid-internal-mgr/config -u :redacted
>> 
>> 
>> Kind regards,
>>      Ankor.
>> 
>> 
>> 
>> 
>> чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov at measurement-factory.com>:
>>> 
>>> On 2024-07-18 00:55, Jonathan Lee wrote:
>>> 
>>>> curl http://localhost:3128/squid-internal-mgr/info
>>>> 
>>>> Where would I place the password?
>>> 
>>> See "man curl" or online manual pages for curl. They will point you to
>>> two relevant options: --user and --proxy-user. AFAICT, your particular
>>> cache manager requests are sent _to_ the proxy (as if it were an origin
>>> server) rather than _through_ the proxy. Thus, you should use --user.
>>> 
>>> As I keep saying on this thread, due to Squid complications related to
>>> Bug 5283, specifying seemingly correct client parameters may not be
>>> enough to convince Squid to accept the cache manager request. I
>>> recommend the following procedure:
>>> 
>>> 1. List the corresponding http_port directive first, before any other
>>> http_port, https_port, and ftp_port directives. Do not use interception
>>> of any kind for this cache manager port.
>>> 
>>> 2. Use curl with absolute squid-internal-mgr URLs with http scheme (like
>>> you show above). Do _not_ use "curl --proxy" or similar. Do not use
>>> https scheme.
>>> 
>>> 3. In that absolute mgr URL, use the host name that matches
>>> visible_hostname in squid.conf. If you do not have visible_hostname in
>>> squid.conf, add it. This is not required, but, due to Squid bugs, it is
>>> often much easier to get this to work with visible_hostname than without it.
>>> 
>>> 4. Make (passwordless) mgr:info use case working first, before trying to
>>> get password-protected pages working.
>>> 
>>> 5. When you do specify a username and a password, remember that you are
>>> sending this request to an (equivalent of) a service running on an
>>> origin server, _not_ a proxy (hence --user rather than --proxy-user).
>>> 
>>> 
>>> If you cannot figure it out despite carefully going through the above
>>> steps, share (privately if needed) a pointer to compressed ALL,9
>>> cache.log while reproducing the problem with throw-away credentials on
>>> an idle Squid with a single curl request. Mention which step you got
>>> stuck on.
>>> 
>>> 
>>> HTH,
>>> 
>>> Alex.
>>> 
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> https://lists.squid-cache.org/listinfo/squid-users
>> 
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
>> 
>> 
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
> 
> 
> 
> -- 
>    Francesco



More information about the squid-users mailing list