[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined
Jonathan Lee
jonathanlee571 at gmail.com
Mon Jul 22 18:21:21 UTC 2024
That would require a username for the cachemgr_password account right? I have no usernames set up for this.
How does one add a username for this directive ?
> On Jul 22, 2024, at 11:13, Francesco Chemolli <gkinkie at gmail.com> wrote:
>
> Can you try supplying a username to curl? It's also common practice to
> put flags ('-u user:redacted') before arguments (the URL)
>
> On Mon, Jul 22, 2024 at 5:12 PM Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>
>> Thanks for the info
>>
>> I tried it and this also failed. Dang
>>
>> Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
>>
>> % Total % Received % Xferd Average Speed Time Time Time Current
>> Dload Upload Total Spent Left Speed
>>
>> 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
>> 100 3773 100 3773 0 0 90756 0 --:--:-- --:--:-- --:--:-- 94325
>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
>> <html><head>
>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
>> <title>ERROR: The requested URL could not be retrieved</title>
>> <style type="text/css"><!--
>> /*
>> * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
>> *
>> * Squid software is distributed under GPLv2+ license and includes
>> * contributions from numerous individuals and organizations.
>> * Please see the COPYING and CONTRIBUTORS files for details.
>> */
>>
>> /*
>> Stylesheet for Squid Error pages
>> Adapted from design by Free CSS Templates
>> http://www.freecsstemplates.org
>> Released for free under a Creative Commons Attribution 2.5 License
>> */
>>
>> However I get a new error when attempting to connect over a web browser
>>
>> ERROR
>>
>> The requested URL could not be retrieved
>>
>> ________________________________
>>
>> Invalid Request error was encountered while trying to process the request:
>>
>> GET /squid-internal-mgr HTTP/1.1
>> Host: lee_family.home.arpa:3128
>> Upgrade-Insecure-Requests: 1
>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
>> Accept-Language: en-US,en;q=0.9
>> Accept-Encoding: gzip, deflate
>> Connection: keep-alive
>> DNT: 1
>>
>> Some possible problems are:
>>
>> Request is too large.
>>
>> Content-Length missing for POST or PUT requests.
>>
>> Illegal character in hostname; underscores are not allowed.
>>
>> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>>
>> Your cache administrator is
>>
>>
>>
>> On Jul 22, 2024, at 04:42, Andrey K <ankor2023 at gmail.com> wrote:
>>
>> Hello, Jonathan,
>>
>>> curl http://localhost:3128/squid-internal-mgr/info
>>
>>> Where would I place the password?
>>
>> I use the following configuration:
>> http_access allow localhost manager
>> cachemgr_passwd redacted config
>>
>> The command to read the current running config is:
>> curl localhost:3128/squid-internal-mgr/config -u :redacted
>>
>>
>> Kind regards,
>> Ankor.
>>
>>
>>
>>
>> чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov at measurement-factory.com>:
>>>
>>> On 2024-07-18 00:55, Jonathan Lee wrote:
>>>
>>>> curl http://localhost:3128/squid-internal-mgr/info
>>>>
>>>> Where would I place the password?
>>>
>>> See "man curl" or online manual pages for curl. They will point you to
>>> two relevant options: --user and --proxy-user. AFAICT, your particular
>>> cache manager requests are sent _to_ the proxy (as if it were an origin
>>> server) rather than _through_ the proxy. Thus, you should use --user.
>>>
>>> As I keep saying on this thread, due to Squid complications related to
>>> Bug 5283, specifying seemingly correct client parameters may not be
>>> enough to convince Squid to accept the cache manager request. I
>>> recommend the following procedure:
>>>
>>> 1. List the corresponding http_port directive first, before any other
>>> http_port, https_port, and ftp_port directives. Do not use interception
>>> of any kind for this cache manager port.
>>>
>>> 2. Use curl with absolute squid-internal-mgr URLs with http scheme (like
>>> you show above). Do _not_ use "curl --proxy" or similar. Do not use
>>> https scheme.
>>>
>>> 3. In that absolute mgr URL, use the host name that matches
>>> visible_hostname in squid.conf. If you do not have visible_hostname in
>>> squid.conf, add it. This is not required, but, due to Squid bugs, it is
>>> often much easier to get this to work with visible_hostname than without it.
>>>
>>> 4. Make (passwordless) mgr:info use case working first, before trying to
>>> get password-protected pages working.
>>>
>>> 5. When you do specify a username and a password, remember that you are
>>> sending this request to an (equivalent of) a service running on an
>>> origin server, _not_ a proxy (hence --user rather than --proxy-user).
>>>
>>>
>>> If you cannot figure it out despite carefully going through the above
>>> steps, share (privately if needed) a pointer to compressed ALL,9
>>> cache.log while reproducing the problem with throw-away credentials on
>>> an idle Squid with a single curl request. Mention which step you got
>>> stuck on.
>>>
>>>
>>> HTH,
>>>
>>> Alex.
>>>
>>> _______________________________________________
>>> squid-users mailing list
>>> squid-users at lists.squid-cache.org
>>> https://lists.squid-cache.org/listinfo/squid-users
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
>>
>>
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> https://lists.squid-cache.org/listinfo/squid-users
>
>
>
> --
> Francesco
More information about the squid-users
mailing list