RE: [squid-users] IIS 6.0 and cachemgr.cgi issue

From: Jeroen DEMETS - SAVACO <jeroen.demets@dont-contact.us>
Date: Mon, 25 Apr 2005 10:30:43 +0200

>In IIS 6.0 and IIS 5.1 permissions of IUSR_xxxxx user account used by
IIS
>for anonymous access was changed. Now you must disable IIS anonymous
access
>on the cgi-bin directory to allow cachemgr to work correctly (not a so
bad
>security settings ...), don't forget that you must enable at least one
>authentication schema in the IIS config.

Hi,

I tried disabling the anonymous access on both a virtual directory and a
new website (port 81) but I still get the error. The only authentication
is integrated auth. I started using the wizard so the rest is default.
Of course my default webpage is set cachemgr.cgi and not index.html or
something like that.

Maybe you changed some other things while testing?

Kind regards,
Jeroen.

I've copy/pasted my config for your information:

http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
acl to_NoCacheDomains dstdomain .checkpoint.com
no_cache deny QUERY
no_cache deny to_NoCacheDomains
cache_mem 50 MB
auth_param ntlm program c:/squid/libexec/win32_ntlm_auth.exe
auth_param ntlm children 5
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate off
auth_param basic program c:/squid/libexec/nt_auth.exe
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl LocalRange src 172.20.0.0/16 192.168.100.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager LocalRange
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
external_acl_type NT_global_group %LOGIN
c:/squid/libexec/win32_check_group.exe -G -c
acl allow_internet external NT_global_group internet
acl password proxy_auth REQUIRED
http_access allow password allow_internet
http_access deny all
http_reply_access allow all
cache_mgr webmaster@savaco.com
cachemgr_passwd savaco all
acl to_LocalRange dst 172.20.0.0/16 192.168.100.0/24
always_direct allow to_LocalRange
coredump_dir c:/squid/var/cache
Received on Mon Apr 25 2005 - 02:30:48 MDT

This archive was generated by hypermail pre-2.1.9 : Sun May 01 2005 - 12:00:04 MDT