[squid-users] squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

Jonathan Lee jonathanlee571 at gmail.com
Mon Jul 22 18:33:51 UTC 2024


Tested thanks for the reply and idea access denied and tested with a firewall rule to approve everything to port 80 same result with or without mgr_passord configured, it is like the page is missing in Squid 6.6 or something 

Shell Output - curl localhost:3128/squid-internal-mgr/info -u admin:redacted
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100  3783  100  3783    0     0   111k      0 --:--:-- --:--:-- --:--:--  115k
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html><head>
<meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css"><!--
 /*
 * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
 *
 * Squid software is distributed under GPLv2+ license and includes
 * contributions from numerous individuals and organizations.
 * Please see the COPYING and CONTRIBUTORS files for details.
 */

/*
 Stylesheet for Squid Error pages
 Adapted from design by Free CSS Templates
 http://www.freecsstemplates.org
 Released for free under a Creative Commons Attribution 2.5 License
*/

/* Page basics */
* {
	font-family: verdana, sans-serif;
}

html body {
	margin: 0;
	padding: 0;
	background: #efefef;
	font-size: 12px;
	color: #1e1e1e;
}

> On Jul 22, 2024, at 11:24, Jonathan Lee <jonathanlee571 at gmail.com> wrote:
> 
> Ok thanks let me boot that environment and test again, my concern is that is looks like it is attempting it from my WAN side address that is my wan address and not the loopback 
> 
>> On Jul 22, 2024, at 11:22, Francesco Chemolli <gkinkie at gmail.com> wrote:
>> 
>> Not really, no. Username is not considered, it's just to make sure
>> that curl sends all the data
>> 
>> On Mon, Jul 22, 2024 at 7:21 PM Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>> 
>>> That would require a username for the cachemgr_password account right? I have no usernames set up for this.
>>> 
>>> How does one add a username for this directive ?
>>> 
>>>> On Jul 22, 2024, at 11:13, Francesco Chemolli <gkinkie at gmail.com> wrote:
>>>> 
>>>> Can you try supplying a username to curl? It's also common practice to
>>>> put flags ('-u user:redacted') before arguments (the URL)
>>>> 
>>>> On Mon, Jul 22, 2024 at 5:12 PM Jonathan Lee <jonathanlee571 at gmail.com> wrote:
>>>>> 
>>>>> Thanks for the info
>>>>> 
>>>>> I tried it and this also failed. Dang
>>>>> 
>>>>> Shell Output - curl localhost:3128/squid-internal-mgr/info -u :redacted
>>>>> 
>>>>> % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>>>>>                               Dload  Upload   Total   Spent    Left  Speed
>>>>> 
>>>>> 0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
>>>>> 100  3773  100  3773    0     0  90756      0 --:--:-- --:--:-- --:--:-- 94325
>>>>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
>>>>> <html><head>
>>>>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software Foundation and contributors">
>>>>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
>>>>> <title>ERROR: The requested URL could not be retrieved</title>
>>>>> <style type="text/css"><!--
>>>>> /*
>>>>> * Copyright (C) 1996-2023 The Squid Software Foundation and contributors
>>>>> *
>>>>> * Squid software is distributed under GPLv2+ license and includes
>>>>> * contributions from numerous individuals and organizations.
>>>>> * Please see the COPYING and CONTRIBUTORS files for details.
>>>>> */
>>>>> 
>>>>> /*
>>>>> Stylesheet for Squid Error pages
>>>>> Adapted from design by Free CSS Templates
>>>>> http://www.freecsstemplates.org
>>>>> Released for free under a Creative Commons Attribution 2.5 License
>>>>> */
>>>>> 
>>>>> However I get a new error when attempting to connect over a web browser
>>>>> 
>>>>> ERROR
>>>>> 
>>>>> The requested URL could not be retrieved
>>>>> 
>>>>> ________________________________
>>>>> 
>>>>> Invalid Request error was encountered while trying to process the request:
>>>>> 
>>>>> GET /squid-internal-mgr HTTP/1.1
>>>>> Host: lee_family.home.arpa:3128
>>>>> Upgrade-Insecure-Requests: 1
>>>>> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>>>>> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15
>>>>> Accept-Language: en-US,en;q=0.9
>>>>> Accept-Encoding: gzip, deflate
>>>>> Connection: keep-alive
>>>>> DNT: 1
>>>>> 
>>>>> Some possible problems are:
>>>>> 
>>>>> Request is too large.
>>>>> 
>>>>> Content-Length missing for POST or PUT requests.
>>>>> 
>>>>> Illegal character in hostname; underscores are not allowed.
>>>>> 
>>>>> HTTP/1.1 Expect: feature is being asked from an HTTP/1.0 software.
>>>>> 
>>>>> Your cache administrator is
>>>>> 
>>>>> 
>>>>> 
>>>>> On Jul 22, 2024, at 04:42, Andrey K <ankor2023 at gmail.com> wrote:
>>>>> 
>>>>> Hello, Jonathan,
>>>>> 
>>>>>> curl http://localhost:3128/squid-internal-mgr/info
>>>>> 
>>>>>> Where would I place the password?
>>>>> 
>>>>> I use the following configuration:
>>>>> http_access allow localhost  manager
>>>>> cachemgr_passwd redacted config
>>>>> 
>>>>> The command to read the current running config is:
>>>>> curl localhost:3128/squid-internal-mgr/config -u :redacted
>>>>> 
>>>>> 
>>>>> Kind regards,
>>>>>    Ankor.
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> чт, 18 июл. 2024 г. в 17:07, Alex Rousskov <rousskov at measurement-factory.com>:
>>>>>> 
>>>>>> On 2024-07-18 00:55, Jonathan Lee wrote:
>>>>>> 
>>>>>>> curl http://localhost:3128/squid-internal-mgr/info
>>>>>>> 
>>>>>>> Where would I place the password?
>>>>>> 
>>>>>> See "man curl" or online manual pages for curl. They will point you to
>>>>>> two relevant options: --user and --proxy-user. AFAICT, your particular
>>>>>> cache manager requests are sent _to_ the proxy (as if it were an origin
>>>>>> server) rather than _through_ the proxy. Thus, you should use --user.
>>>>>> 
>>>>>> As I keep saying on this thread, due to Squid complications related to
>>>>>> Bug 5283, specifying seemingly correct client parameters may not be
>>>>>> enough to convince Squid to accept the cache manager request. I
>>>>>> recommend the following procedure:
>>>>>> 
>>>>>> 1. List the corresponding http_port directive first, before any other
>>>>>> http_port, https_port, and ftp_port directives. Do not use interception
>>>>>> of any kind for this cache manager port.
>>>>>> 
>>>>>> 2. Use curl with absolute squid-internal-mgr URLs with http scheme (like
>>>>>> you show above). Do _not_ use "curl --proxy" or similar. Do not use
>>>>>> https scheme.
>>>>>> 
>>>>>> 3. In that absolute mgr URL, use the host name that matches
>>>>>> visible_hostname in squid.conf. If you do not have visible_hostname in
>>>>>> squid.conf, add it. This is not required, but, due to Squid bugs, it is
>>>>>> often much easier to get this to work with visible_hostname than without it.
>>>>>> 
>>>>>> 4. Make (passwordless) mgr:info use case working first, before trying to
>>>>>> get password-protected pages working.
>>>>>> 
>>>>>> 5. When you do specify a username and a password, remember that you are
>>>>>> sending this request to an (equivalent of) a service running on an
>>>>>> origin server, _not_ a proxy (hence --user rather than --proxy-user).
>>>>>> 
>>>>>> 
>>>>>> If you cannot figure it out despite carefully going through the above
>>>>>> steps, share (privately if needed) a pointer to compressed ALL,9
>>>>>> cache.log while reproducing the problem with throw-away credentials on
>>>>>> an idle Squid with a single curl request. Mention which step you got
>>>>>> stuck on.
>>>>>> 
>>>>>> 
>>>>>> HTH,
>>>>>> 
>>>>>> Alex.
>>>>>> 
>>>>>> _______________________________________________
>>>>>> squid-users mailing list
>>>>>> squid-users at lists.squid-cache.org
>>>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>>> 
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at lists.squid-cache.org
>>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>>> 
>>>>> 
>>>>> _______________________________________________
>>>>> squid-users mailing list
>>>>> squid-users at lists.squid-cache.org
>>>>> https://lists.squid-cache.org/listinfo/squid-users
>>>> 
>>>> 
>>>> 
>>>> --
>>>>  Francesco
>>> 
>> 
>> 
>> -- 
>>   Francesco
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20240722/14451e3e/attachment-0001.htm>


More information about the squid-users mailing list