Re: [squid-users] Troubles with cachemgr.cgi

From: Chris Robertson <crobertson@dont-contact.us>
Date: Wed, 31 Jan 2007 11:58:41 -0900

Roberto Navarro - Tusprofesionales, SL wrote:
> I cannot acces cachemgr.cgi
>
> Whenever I try to access, i get the following error:
>
> ERROR
> Cache Access Denied
>
> While trying to retrieve the URL: cache_object://localhost/
>
> The following error was encountered:
>
> * Acceso denegado al caché.
>
> Sorry, you are not currently allowed to request:
>
> cache_object://localhost/
>
> from this cache until you have authenticated yourself.
>
> You need to use Netscape version 2.0 or greater, or Microsoft Internet
> Explorer 3.0, or an HTTP/1.1 compliant browser for this to work. Please
> contact the cache administrator if you have
> difficulties authenticating yourself or change your default password.
>
> Generated Tue, 30 Jan 2007 16:32:05 GMT by proxy.domain.com
> (squid/2.5.STABLE13)
>
> This is our actual conf:
>
> # cat /etc/squid/squid.conf|grep -v \#|grep -v ^$
> http_port 127.0.0.1:3128
> http_port 192.168.0.32:3128
> http_port 192.168.0.32:8080
> icp_port 0
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex php cgi-bin \?
> no_cache deny QUERY
> cache_dir ufs /var/spool/squid 500 16 256
> cache_dir ufs /home/squid 7000 16 256
> ftp_user -joe@
> ftp_list_width 64
> ftp_passive off
> redirect_program /usr/bin/squidguard -c /etc/squid/squidguard.conf
> redirect_children 15
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp
> auth_param ntlm children 5
> auth_param ntlm max_challenge_reuses 0
> auth_param ntlm max_challenge_lifetime 2 minutes
> auth_param basic program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-basic
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> acl AuthorizedUsers proxy_auth REQUIRED
> http_access allow AuthorizedUsers
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl snmppublic snmp_community tusprofe
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl snmpServer src 86.109.160.230/255.255.255.255
> acl apache src 192.168.0.32/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563 2000 8443
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access allow manager apache
> http_access deny manager !localhost !apache
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> acl our_networks src 192.168.0.0/24
> http_access allow our_networks
> http_access allow localhost
> http_access deny all
> http_reply_access allow all
> icp_access allow all
> cache_mgr rnavarro@tusprofesionales.es
> cache_effective_user squid
> cache_effective_group squid
> httpd_accel_port 80
> httpd_accel_host virtual
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> cachemgr_passwd 6yt55rr44 all
> error_directory /usr/share/squid/errors/Spanish
> snmp_port 3401
> snmp_access allow snmppublic localhost
> snmp_access allow snmppublic snmpServer
> snmp_access deny all
> coredump_dir /var/spool/squid
>
>
> All the computers are configured to use transparent proxy, and their
> requests are redirected with iptables, but the computer from I'm
> trying to access the cachemgr, doesn't have the proxy configured nor
> is using it as transparent proxy (their requests aren't redirected by
> iptables).
>
>
> _________________
> Regards,
> Roberto Navarro Reyes
> SysAdmin - Tusprofesionales, SL

If you specify a cachemgr_passwd and use the "all" keyword, it seems you
have to use the cache_mgr as the user. Using another user (or none at
all) will show you the menu, but will not allow you to perform any actions.

Chris
Received on Wed Jan 31 2007 - 13:58:50 MST

This archive was generated by hypermail pre-2.1.9 : Thu Feb 01 2007 - 12:00:01 MST