[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

Francesco Chemolli gkinkie at gmail.com
Mon Jul 22 18:22:48 UTC 2024 

Not really, no. Username is not considered, it's just to make sure
that curl sends all the data

On Mon, Jul 22, 2024 at 7:21 PM Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>
> That would require a username for the cachemgr_password account right? I have no usernames set up for this.
>
> How does one add a username for this directive ?
>
> > On Jul 22, 2024, at 11:13, Francesco Chemolli <gkinkie at gmail.com> wrote:
> >
> > Can you try supplying a username to curl? It's also common practice to
> > put flags ('-u user:redacted') before arguments (the URL)
> >
> > On Mon, Jul 22, 2024 at 5:12 PM Jonathan Lee <jonathanlee571 at gmail.com> wrote:
> >>
> >> Thanks for the info
> >>
> >> I tried it and this also failed. Dang
> >>
> >> Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
> >>
> >>  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
> >>                                 Dload  Upload   Total   Spent    Left  Speed
> >>
> >>  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
> >> 100  3773  100  3773    0     0  90756      0 --:--:-- --:--:-- --:--:-- 94325
> >> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
> >> <html><head>
> >> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
> >> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
> >> <title>ERROR: The requested URL could not be retrieved</title>
> >> <style type="text/css"><!--
> >> /*
> >> * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
> >> *
> >> * Squid software is distributed under GPLv2+ license and includes
> >> * contributions from numerous individuals and organizations.
> >> * Please see the COPYING and CONTRIBUTORS files for details.
> >> */
> >>
> >> /*
> >> Stylesheet for Squid Error pages
> >> Adapted from design by Free CSS Templates
> >> http://www.freecsstemplates.org
> >> Released for free under a Creative Commons Attribution 2.5 License
> >> */
> >>
> >> However I get a new error when attempting to connect over a web browser
> >>
> >> ERROR
> >>
> >> The requested URL could not be retrieved
> >>
> >> ________________________________
> >>
> >> Invalid Request error was encountered while trying to process the request:
> >>
> >> GET /squid-internal-mgr HTTP/1.1
> >> Host: lee_family.home.arpa:3128
> >> Upgrade-Insecure-Requests: 1
> >> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> >> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
> >> Accept-Language: en-US,en;q=0.9
> >> Accept-Encoding: gzip, deflate
> >> Connection: keep-alive
> >> DNT: 1
> >>
> >> Some possible problems are:
> >>
> >> Request is too large.
> >>
> >> Content-Length missing for POST or PUT requests.
> >>
> >> Illegal character in hostname; underscores are not allowed.
> >>
> >> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
> >>
> >> Your cache administrator is
> >>
> >>
> >>
> >> On Jul 22, 2024, at 04:42, Andrey K <ankor2023 at gmail.com> wrote:
> >>
> >> Hello, Jonathan,
> >>
> >>> curl http://localhost:3128/squid-internal-mgr/info
> >>
> >>> Where would I place the password?
> >>
> >> I use the following configuration:
> >> http_access allow localhost  manager
> >> cachemgr_passwd redacted config
> >>
> >> The command to read the current running config is:
> >> curl localhost:3128/squid-internal-mgr/config -u :redacted
> >>
> >>
> >> Kind regards,
> >>      Ankor.
> >>
> >>
> >>
> >>
> >> чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov at measurement-factory.com>:
> >>>
> >>> On 2024-07-18 00:55, Jonathan Lee wrote:
> >>>
> >>>> curl http://localhost:3128/squid-internal-mgr/info
> >>>>
> >>>> Where would I place the password?
> >>>
> >>> See "man curl" or online manual pages for curl. They will point you to
> >>> two relevant options: --user and --proxy-user. AFAICT, your particular
> >>> cache manager requests are sent _to_ the proxy (as if it were an origin
> >>> server) rather than _through_ the proxy. Thus, you should use --user.
> >>>
> >>> As I keep saying on this thread, due to Squid complications related to
> >>> Bug 5283, specifying seemingly correct client parameters may not be
> >>> enough to convince Squid to accept the cache manager request. I
> >>> recommend the following procedure:
> >>>
> >>> 1. List the corresponding http_port directive first, before any other
> >>> http_port, https_port, and ftp_port directives. Do not use interception
> >>> of any kind for this cache manager port.
> >>>
> >>> 2. Use curl with absolute squid-internal-mgr URLs with http scheme (like
> >>> you show above). Do _not_ use "curl --proxy" or similar. Do not use
> >>> https scheme.
> >>>
> >>> 3. In that absolute mgr URL, use the host name that matches
> >>> visible_hostname in squid.conf. If you do not have visible_hostname in
> >>> squid.conf, add it. This is not required, but, due to Squid bugs, it is
> >>> often much easier to get this to work with visible_hostname than without it.
> >>>
> >>> 4. Make (passwordless) mgr:info use case working first, before trying to
> >>> get password-protected pages working.
> >>>
> >>> 5. When you do specify a username and a password, remember that you are
> >>> sending this request to an (equivalent of) a service running on an
> >>> origin server, _not_ a proxy (hence --user rather than --proxy-user).
> >>>
> >>>
> >>> If you cannot figure it out despite carefully going through the above
> >>> steps, share (privately if needed) a pointer to compressed ALL,9
> >>> cache.log while reproducing the problem with throw-away credentials on
> >>> an idle Squid with a single curl request. Mention which step you got
> >>> stuck on.
> >>>
> >>>
> >>> HTH,
> >>>
> >>> Alex.
> >>>
> >>> _______________________________________________
> >>> squid-users mailing list
> >>> squid-users at lists.squid-cache.org
> >>> https://lists.squid-cache.org/listinfo/squid-users
> >>
> >> _______________________________________________
> >> squid-users mailing list
> >> squid-users at lists.squid-cache.org
> >> https://lists.squid-cache.org/listinfo/squid-users
> >>
> >>
> >> _______________________________________________
> >> squid-users mailing list
> >> squid-users at lists.squid-cache.org
> >> https://lists.squid-cache.org/listinfo/squid-users
> >
> >
> >
> > --
> >    Francesco
>


-- 
    Francesco

More information about the squid-users mailing list