[squid-users] cachemgr + client

From: Rost, Werner <Werner.Rost@dont-contact.us>
Date: Tue, 12 Mar 2002 16:53:30 +0100

My configuration: Squid 2.4 Stable 3
Compaq ALPHA server / TRU64 V5.1A
SQUID configuration see below.

All works pretty well. Users are happy (I don't hear anything - neither bad
things nor other opinions...).

Now I have 2 little (?) problems:

1. Problem with cachemgr
   I am logged on as user root on the server where SQUID is running.
Entering the command

         /usr/local/squid/bin/client -vp 8080 mgr:config

    gives the following message in cache.log:

    2002/03/12 16:36:08| CACHEMGR: <unknown>@127.0.0.1 requesting 'config'

    Why ?????????????

2. Problem with client
    The command (user root logged on server running SQUID)

         /usr/local/squid/bin/client -p 8080 http://www.google.de

     gives the following output:

HTTP/1.0 407 Proxy Authentication Required
Server: Squid/2.4.STABLE3
Mime-Version: 1.0
Date: Tue, 12 Mar 2002 15:41:38 GMT
Content-Type: text/html
Content-Length: 939
Expires: Tue, 12 Mar 2002 15:41:38 GMT
X-Squid-Error: ERR_CACHE_ACCESS_DENIED 0
Proxy-Authenticate: Basic realm="Squid proxy-caching web server"
X-Cache: MISS from GOAW17
Proxy-Connection: close

<HTML><HEAD>
<TITLE>ERROR: Cache Access Denied</TITLE>
</HEAD>
<BODY>
<H1>ERROR</H1>
<H2>Cache Access Denied</H2>
<HR>
<P>
While trying to retrieve the URL:
<A HREF="http://www.google.com">http://www.google.com</A>
The following error was encountered:
<UL>
<LI>
<STRONG>
Cache Access Denied.
</STRONG>
</UL>
</P>

<P>Sorry, you are not currently allowed to request:
<PRE> http://www.google.com</PRE>
from this cache until you have authenticated yourself.
</P>

<P>
You need to use Netscape version 2.0 or greater, or Microsoft Internet
Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please
contact the <A HREF="mailto:webmaster">cache administrator</a> if you have
difficulties authenticating yourself or
<A HREF="http://GOAW17/cgi-bin/chpasswd.cgi">change</a> your default
password.
</P>

<br clear="all">
<hr noshade size=1>
Generated Tue, 12 Mar 2002 15:41:38 GMT by GOAW17 (Squid/2.4.STABLE3)
</BODY></HTML>

No message in cache.log, but an entry in access.log:

1015947951.182 2 127.0.0.1 TCP_DENIED/407 1314 GET http://www.google.com - NONE/- -
     

Obviously there is a problem with "acl" and "manager"!? Maybe someone knows
what is wrong in my configuration.

Here is my SQUID-configuration ( important IPs are changed to x1.x2... /
y1.y2 ...):

HTTP/1.0 200 OK
Server: Squid/2.4.STABLE3
Mime-Version: 1.0
Date: Tue, 12 Mar 2002 13:09:17 GMT
Content-Type: text/plain
Expires: Tue, 12 Mar 2002 13:09:17 GMT
Last-Modified: Tue, 12 Mar 2002 13:09:17 GMT
X-Cache: MISS from GOAW17
Proxy-Connection: close

http_port 0.0.0.0:8080
icp_port 3130
tcp_outgoing_address 255.255.255.255
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
cache_peer proxy4.mannesmann.de Parent 8080 7 no-query default
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
no_cache Deny QUERY
cache_mem 134217728 bytes
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4194304 bytes
minimum_object_size 0 bytes
maximum_object_size_in_memory 8192 bytes
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /data1/squid_cache 5000 32 512
cache_access_log /usr/local/squid/logs/access.log
cache_log /usr/local/squid/logs/cache.log
cache_store_log /usr/local/squid/logs/store.log
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /usr/local/squid/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
ftp_user Squid@
ftp_list_width 32
ftp_passive on
dns_retransmit_interval 5 seconds
dns_timeout 300 seconds
dns_nameservers y1.y2.128.5
dns_nameservers y1.y2.128.6
diskd_program /usr/local/squid/libexec/squid/diskd
unlinkd_program /usr/local/squid/libexec/squid/unlinkd
redirect_children 5
redirect_rewrites_host_header on
authenticate_program /usr/local/bin/smb_auth
authenticate_program -W
authenticate_program bogegod
authenticate_program -U
authenticate_program gont-pdc01
authenticate_children 4
authenticate_ttl 3600 seconds
authenticate_ip_ttl 0 seconds
authenticate_ip_ttl_is_strict on
wais_relay_port 0
request_header_max_size 10240 bytes
request_body_max_size 1048576 bytes
reply_body_max_size 2097152 bytes
reference_age 31557790 seconds
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 300 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 300 seconds
range_offset_limit 0 bytes
connect_timeout 120 seconds
peer_connect_timeout 60 seconds
siteselect_timeout 4 seconds
read_timeout 900 seconds
request_timeout 30 seconds
client_lifetime 86400 seconds
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
acl QUERY urlpath_regex cgi-bin
acl QUERY urlpath_regex \?
acl all src 0.0.0.0/0.0.0.0
acl bogeclients src x1.x2.128.0/255.255.255.0
acl bogeclients src x1.x2.129.0/255.255.255.0
acl bogeclients src y1.y2.126.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl SSL_ports port 443
acl SSL_ports port 563
acl Safe_ports port 80
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 21
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 443
acl Safe_ports port 563
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 70
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 210
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 1025-65535
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 280
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 488
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 591
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 777
acl Safe_ports port 0
acl Safe_ports port 0
acl Safe_ports port 0
acl porn url_regex analsex

   [ more porn lines ]

acl porn url_regex xhotpics
acl noporn url_regex sdat*.exe

   [ more noporn lines ]

acl noporn url_regex http://list.cineca.it/cgi-bin/wa
acl deny_muell_regex url_regex .mp3$
acl deny_muell_regex url_regex README.EML
acl deny_muell_regex url_regex root.exe
acl deny_muell_regex url_regex cmd.exe
acl deny_muell_regex url_regex readme.eml
acl deny_muell_regex url_regex readme.exe
acl deny_muell_regex url_regex default.ida
acl deny_muell_url urlpath_regex \.eml$
acl deny_muell_url urlpath_regex \.exe$
acl intranet2 dstdomain 145.230.111.120/255.255.255.0
acl intranet2 dstdomain .vodafone-telecommerce.de
acl intranet2 dstdomain .rexroth.de
acl intranet2 dstdomain .rexroth-mecman.de
acl intranet2 dstdomain .mannesmann.de
acl intranet5 dst 145.230.129.173
acl intranet5 dst 145.230.131.140
acl intranet5 dst 145.230.211.0/255.255.255.0
acl intranet5 dst 192.71.221.29
acl intranet5 dst x1.x2.140.0/255.255.255.0
acl intranet5 dst 193.25.152.172
acl intranet5 dst 195.232.137.0/255.255.255.0
acl intranet5 dst y1.y2.149.75
acl internet2 dstdomain .sachs-ag.de
acl internet2 dstdomain .sachs.de
acl intranet_boge dst x1.x2.128.0/255.255.255.0
acl intranet_boge dst x1.x2.129.0/255.255.255.0
acl intranet_boge dst 192.168.100.0/255.255.255.0
acl intranet_boge dst y1.y2.126.0/255.255.255.0
acl intranet_boge_dom dstdomain www.boge-intranet.com
acl internet_boge dstdomain boge.novalis-media.de
acl internet_boge dstdomain .boge-vibrationcontrol.de
acl internet_boge dstdomain .boge-vibrationcontrol.com
acl internet_bahn dstdomain .bahn.de
acl internet_bahn dstdomain .adbureau.net
acl internet_hug dstdomain .hug.de
acl internet_routenpl dstdomain www.route.de
acl auth_inet2 proxy_auth REQUIRED
acl auth_inet5 proxy_auth REQUIRED
acl auth_iboge proxy_auth REQUIRED
acl auth_ibahn proxy_auth REQUIRED
acl auth_ihug proxy_auth REQUIRED
acl auth_iroutenpl proxy_auth REQUIRED
acl CONNECT method CONNECT
http_access Allow manager localhost
http_access Deny !noporn porn
http_access Deny deny_muell_url
http_access Deny deny_muell_regex
http_access Allow intranet2
http_access Allow intranet5
http_access Allow intranet_boge
http_access Allow internet_boge
http_access Allow internet_bahn
http_access Allow internet_hug
http_access Allow internet_routenpl
http_access Allow !intranet_boge auth_iboge
http_access Allow bogeclients
http_access Deny all
http_access Deny !Safe_ports
http_access Deny all
icp_access Allow all
proxy_auth_realm Squid proxy-caching web server
ident_lookup_access Deny all
cache_mgr webmaster
cache_effective_user squid
cache_effective_group users
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header off
dns_testnames netscape.com
dns_testnames internic.net
dns_testnames nlanr.net
dns_testnames microsoft.com
logfile_rotate 3
tcp_recv_bufsize 0 bytes
err_html_text
deny_info ERR_BOGE_PORNO_DENIED porn
memory_pools on
memory_pools_limit 0 bytes
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
cachemgr_passwd none all
store_avg_object_size 13 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
always_direct Allow intranet2
always_direct Allow intranet5
always_direct Allow intranet_boge
always_direct Deny all
never_direct Allow all
icon_directory /usr/local/squid/etc/icons
error_directory /usr/local/squid/etc/errors
minimum_retry_timeout 5 seconds
maximum_single_addr_tries 3
as_whois_server whois.ra.net
wccp_router 0.0.0.0
wccp_version 4
wccp_incoming_address 0.0.0.0
wccp_outgoing_address 255.255.255.255
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
redirector_bypass off
ignore_unknown_nameservers on
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0 bytes
store_dir_select_algorithm least-load
ie_refresh off
   

> regards
> Werner Rost
>
> ---------------------------------------------------------------------
> ZF Boge GmbH
> Werner Rost
> IT
> Friesdorfer Str. 175
> D-53175 Bonn
>
>
> phone: +49/228/3825 420
> fax: +49/228/3825 398
> werner.rost@zfboge.com
>
> www.boge-vibrationcontrol.com
> ---------------------------------------------------------------------
>
>

Received on Tue Mar 12 2002 - 08:49:47 MST
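
Added example, not part of the original post: a small Python model of how Squid walks the http_access lines from the configuration above (first fully matching line wins, ACLs on a line are ANDed, and a proxy_auth ACL reached without credentials produces a 407). The `evaluate` helper and the sets of matching ACL names passed to it are assumptions made for illustration; in particular it assumes the outside URL matches none of the regex or destination ACLs.

```python
# Added illustration: the http_access lines from the posted configuration,
# in order, up to the first "Deny all" (the lines after it are never reached).
RULES = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["!noporn", "porn"]),
    ("deny", ["deny_muell_url"]),
    ("deny", ["deny_muell_regex"]),
    ("allow", ["intranet2"]),
    ("allow", ["intranet5"]),
    ("allow", ["intranet_boge"]),
    ("allow", ["internet_boge"]),
    ("allow", ["internet_bahn"]),
    ("allow", ["internet_hug"]),
    ("allow", ["internet_routenpl"]),
    ("allow", ["!intranet_boge", "auth_iboge"]),
    ("allow", ["bogeclients"]),
    ("deny", ["all"]),
]
PROXY_AUTH_ACLS = {"auth_iboge"}  # declared as "proxy_auth REQUIRED"


def evaluate(matched, has_credentials, rules=RULES):
    """Return (line number, outcome) for a request.

    matched: names of the non-auth ACLs the request matches (an assumption
    supplied by the caller). has_credentials: valid Proxy-Authorization sent.
    """
    for lineno, (action, acls) in enumerate(rules, 1):
        for name in acls:  # ACLs on one line are ANDed, left to right
            negated, base = name.startswith("!"), name.lstrip("!")
            if base in PROXY_AUTH_ACLS:
                if not has_credentials:
                    return lineno, "407"  # auth ACL reached: challenge sent
                hit = True
            else:
                hit = base in matched
            if hit == negated:
                break  # this ACL fails, so the whole line does not match
        else:
            return lineno, action  # first fully matching line decides
    # No line matched: the opposite of the last line's action applies.
    return None, "deny" if rules[-1][0] == "allow" else "allow"


if __name__ == "__main__":
    print(evaluate({"manager", "localhost", "all"}, False))  # mgr:config
    print(evaluate({"localhost", "all"}, False))  # client to an outside URL
    print(evaluate({"bogeclients", "all"}, False))  # LAN client, no login
```

In this model the `mgr:config` request from 127.0.0.1 is allowed by line 1, while a request from 127.0.0.1 for an outside URL stops at line 12, the proxy_auth line, which comes before `Allow bogeclients`. That is consistent with the TCP_DENIED/407 entry in access.log.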

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:55 MST