Re: [squid-users] can't access cachemgr from Eliezer Croitoru on 2012-05-02 (squid-users)

From: Eliezer Croitoru <eliezer_at_ngtech.co.il>
Date: Wed, 02 May 2012 18:28:00 +0300

On 02/05/2012 17:37, Jeff MacDonald wrote:
> Hi,
>
> I've seen this similar issue for a lot of people around the web, and have tried my best to debug my access rules.
>
> The error message I get is :
>
> 1335968823.335 8 127.0.0.1 TCP_DENIED/407 2201 GET cache_object://localhost/ jeff_at_bignose.ca NONE/- text/html
>
> I'm pretty sure I'm missing something miniscule, but need help finding it.
>
> Here are my access rules in my squid.conf

try to move the access rules of the manager to the top and move down the
auth access rule

http_access allow manager localhost
http_access allow manager example
http_access allow westhants

by the way how are you trying to access the cache_object?
using squidclient ?
i'm using the basic config files on opensuse 12.1 with squid 3.1.16 and
it seems to work like that.
sample :
squidclient cache_object://localhost/client_list

Eliezer

>
> root_at_proxy:/etc/squid3# grep -e ^acl -e ^http_acc /etc/squid3/squid.conf
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl example src 192.168.11.16/32
> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
> acl westhants proxy_auth REQUIRED
> http_access allow westhants
> http_access allow manager localhost
> http_access allow manager example
> http_access deny all
> acl westhants-network src 192.168.11.0/24
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow westhants-network
> http_access deny all
>
> Thanks!
>
> --
> Jeff MacDonald
> jeff_at_terida.com
> 902 880 7375
>

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il

Received on Wed May 02 2012 - 15:28:09 MDT

This archive was generated by hypermail 2.2.0 : Thu May 24 2012 - 12:00:04 MDT