[squid-users] cachemgr.cgi authentication issues (HELP!)

From: Bryan Dunn <bryan_dunn@dont-contact.us>
Date: Fri, 30 Jan 2004 11:41:09 -0500

Hello fellow squidders!

I have been searching through the FAQs and mailing list archives for 3
days now with no success. I am trying to use cachemgr.cgi and I am
getting "Cache Access Denied." I have tried changing around my ACLs,
and even when "all" has permission to access manager, I can't get it to
work (from the localhost or anywhere else). After turning on debugging,
I am seeing this message when I try to access cachemgr.cgi:

2004/01/30 11:33:46| authenticateValidateUser: Validating Auth_user request '(nil)'.
2004/01/30 11:33:46| authenticateValidateUser: Auth_user_request was NULL!
2004/01/30 11:33:46| The request GET http://localhost/cgi-bin/cachemgr.cgi is DENIED, because it matched 'auth_users'
2004/01/30 11:33:46| authenticateFixHeader: headertype:34 authuser:(nil)
2004/01/30 11:33:46| authenticateFixErrorHeader: Sending type:34 header: 'Basic realm="Squid proxy-caching web server"'

I am using LDAP to force my users to authenticate via a Novell server,
but I'm not sure if that is causing the issue. Can someone point me in
the right direction?

(Here are some snippets of my squid.conf)

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow manager server
http_access allow manager auth_users
http_access deny manager
http_access allow ourhosts
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

----------------

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl server src 204.126.212.253/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 204.126.0.0/255.255.0.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl auth_users proxy_auth REQUIRED

-- 
Bryan Dunn
Systems Administrator
Aearo Company
508-764-5239
Received on Fri Jan 30 2004 - 09:44:40 MST
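
Added example, not part of the original post and not Squid's own code: a minimal Python model of first-match http_access evaluation over the rules and ACLs posted above. It shows that the logged GET http://localhost/cgi-bin/cachemgr.cgi has protocol http, so none of the `manager` rules (proto cache_object) apply to it. The request dictionaries are constructed, and proxy_auth is simplified to "a user name is present".

```python
import ipaddress

# ACL definitions copied from the posted squid.conf (only those the rules use).
ACLS = {
    "manager":    ("proto", {"cache_object"}),
    "localhost":  ("src", ipaddress.ip_network("127.0.0.1/32")),
    "server":     ("src", ipaddress.ip_network("204.126.212.253/32")),
    "ourhosts":   ("src", ipaddress.ip_network("204.126.0.0/16")),
    "SSL_ports":  ("port", {443, 563}),
    "Safe_ports": ("port", {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}
                           | set(range(1025, 65536))),
    "CONNECT":    ("method", {"CONNECT"}),
    "auth_users": ("proxy_auth", None),
}

# http_access lines from the post, in the order posted.
RULES = [
    "allow manager localhost", "allow manager server",
    "allow manager auth_users", "deny manager", "allow ourhosts",
    "deny !Safe_ports", "deny CONNECT !SSL_ports",
]

def acl_matches(name, req):
    negate, name = name.startswith("!"), name.lstrip("!")
    kind, value = ACLS[name]
    if kind == "src":
        hit = ipaddress.ip_address(req["src"]) in value
    elif kind == "proxy_auth":
        # Simplification (assumption): REQUIRED matches when a user is present.
        hit = req.get("user") is not None
    else:
        hit = req[kind] in value
    return hit != negate

def http_access(req):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for rule in RULES:
        action, *names = rule.split()
        if all(acl_matches(n, req) for n in names):  # ACLs on a line are ANDed
            return action, rule
    return None, None  # no posted rule matched; the rest of the file decides

# Constructed requests: the logged GET, and a cache manager query.
CGI_PAGE = {"src": "127.0.0.1", "proto": "http", "port": 80, "method": "GET"}
MGR_QUERY = {"src": "127.0.0.1", "proto": "cache_object", "port": 3128,
             "method": "GET"}
```

Calling `http_access(CGI_PAGE)` returns no decision from the posted lines, while `http_access(MGR_QUERY)` is decided by the first `manager` rule.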
