Could this cause the issue? acl https_login url_regex -i ^https.*(login|Login).* cache deny https_login
> On Jul 11, 2024, at 11:12, Jonathan Lee <jonathanlee...@gmail.com> wrote: > > cachemgr_passwd disable offline_toggle reconfigure shutdown > cachemgr_passwd PASSWORDREDCATED all > eui_lookup on > acl no_miss url_regex -i gateway\.facebook\.com\/ws\/realtime\? > acl no_miss url_regex -i web-chat-e2ee\.facebook\.com\/ws\/chat > acl CONNECT method CONNECT > acl wuCONNECT dstdomain www.update.microsoft.com > acl wuCONNECT dstdomain sls.microsoft.com > http_access allow CONNECT wuCONNECT localnet > http_access allow CONNECT wuCONNECT localhost > http_access allow windowsupdate localnet > http_access allow windowsupdate localhost > http_access allow HttpAccess localnet > http_access allow HttpAccess localhost > http_access deny manager > http_access deny to_ipv6 > http_access deny from_ipv6 > > acl BrokenButTrustedServers dstdomain "/usr/local/pkg/dstdom.broken" > acl DomainMismatch ssl_error SQUID_X509_V_ERR_DOMAIN_MISMATCH > sslproxy_cert_error allow BrokenButTrustedServers DomainMismatch > sslproxy_cert_error deny all > > acl splice_only src 192.168.1.8 #Tasha iPhone > acl splice_only src 192.168.1.10 #Jon iPhone > acl splice_only src 192.168.1.11 #Amazon Fire > acl splice_only src 192.168.1.15 #Tasha HP > acl splice_only src 192.168.1.16 #iPad > > acl splice_only_mac arp MACADDRESSREDACTED > acl splice_only_mac arp MACADDRESSREDACTED > acl splice_only_mac arp MACADDRESSREDACTED > acl splice_only_mac arp MACADDRESSREDACTED > acl splice_only_mac arp MACADDRESSREDACTED > > acl NoSSLIntercept ssl::server_name_regex -i "/usr/local/pkg/reg.url.nobump" > acl NoBumpDNS dstdomain "/usr/local/pkg/dns.nobump" > > acl markBumped annotate_client bumped=true > acl active_use annotate_client active=true > acl bump_only src 192.168.1.3 #webtv > acl bump_only src 192.168.1.4 #toshiba > acl bump_only src 192.168.1.5 #imac > acl bump_only src 192.168.1.9 #macbook > acl bump_only src 192.168.1.13 #dell > > acl bump_only_mac arp MACADDRESSREDACTED > acl bump_only_mac arp MACADDRESSREDACTED > acl bump_only_mac arp MACADDRESSREDACTED > acl bump_only_mac arp MACADDRESSREDACTED > acl bump_only_mac arp MACADDRESSREDACTED > sslproxy_cert_sign signTrusted bump_only_mac > > ssl_bump peek step1 > miss_access deny no_miss active_use > ssl_bump splice https_login active_use > ssl_bump splice splice_only_mac splice_only active_use > ssl_bump splice NoBumpDNS active_use > ssl_bump splice NoSSLIntercept active_use > ssl_bump bump bump_only_mac bump_only active_use > acl activated note active_use true > ssl_bump terminate !activated > > shutdown_lifetime 1 seconds > negative_dns_ttl 5 minutes > > > Does the MAC address and bump have anything to do with it? This worked in the > older versions without having to input a MAC for the loopback > >> On Jul 11, 2024, at 11:08, Jonathan Lee <jonathanlee...@gmail.com> wrote: >> >> I use http access acl set as followed >> >> acl getmethod method GET >> acl to_ipv6 dst ipv6 >> acl from_ipv6 src ipv6 >> acl HttpAccess dstdomain "/usr/local/pkg/http.access” >> >> >> /usr/local/pkg/http.access >> contains: >> office.com >> data.microsoft.com >> windowsupdate.com >> dc1-st.ksn.kaspersky-labs.com >> dc1-file.ksn.kaspersky-labs.com >> dc1.ksn.kaspersky-labs.com >> gsa.apple.com >> apps.apple.com >> certs.apple.com >> crl.apple.com >> entrust.net >> digicert.com >> ocsp.apple.com >> ocsp2.apple.com >> valid.apple.com >> push.apple.com >> itunes.apple.com >> appldnld.apple.com >> gg.apple.com >> gs.apple.com >> mesu.apple.com >> oscdn.apple.com >> osrecovery.apple.com >> swcdn.apple.com >> swdownload.apple.com >> updates-http.cdn-apple.com >> appldnld.apple.com.edgesuite.net >> suconfig.apple.com >> audiocontentdownload.apple.com >> devimages-cdn.apple.com >> download.developer.apple.com >> sylvan.apple.com >> static.ips.apple.com >> >> >> http_access allow CONNECT wuCONNECT localnet >> http_access allow CONNECT wuCONNECT localhost >> http_access allow windowsupdate localnet >> http_access allow windowsupdate localhost >> http_access allow HttpAccess localnet >> http_access allow HttpAccess localhost >> http_access deny manager >> http_access deny to_ipv6 >> http_access deny from_ipv6 >> >>> On Jul 11, 2024, at 11:02, Jonathan Lee <jonathanlee...@gmail.com> wrote: >>> >>> also >>> >>> Shell Output - squidclient -h 127.0.0.1 -v -U admin -W redacted mgr:info >>> Request: >>> GET http://127.0.0.1:3128/squid-internal-mgr/info HTTP/1.0 >>> Host: 127.0.0.1:3128 >>> User-Agent: squidclient/6.6 >>> Accept: */* >>> Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ== >>> Connection: close >>> >>> >>> . >>> HTTP/1.1 403 Forbidden >>> Server: squid >>> Mime-Version: 1.0 >>> Date: Thu, 11 Jul 2024 18:01:46 GMT >>> Content-Type: text/html;charset=utf-8 >>> Content-Length: 3788 >>> X-Squid-Error: ERR_ACCESS_DENIED 0 >>> Vary: Accept-Language >>> Content-Language: en >>> Cache-Status: Lee_Family.home.arpa >>> Cache-Status: Lee_Family.home.arpa;detail=no-cache >>> Connection: close >>> >>>> On Jul 11, 2024, at 10:57, Jonathan Lee <jonathanlee...@gmail.com> wrote: >>>> >>>> Shell Output - squidclient -v -U admin -W REDACTED mgr:info >>>> Request: >>>> GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0 >>>> Host: localhost:3128 >>>> User-Agent: squidclient/6.6 >>>> Accept: */* >>>> Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ== >>>> Connection: close >>>> >>>> >>>> . >>>> HTTP/1.1 403 Forbidden >>>> Server: squid >>>> Mime-Version: 1.0 >>>> Date: Thu, 11 Jul 2024 17:55:05 GMT >>>> Content-Type: text/html;charset=utf-8 >>>> Content-Length: 3788 >>>> X-Squid-Error: ERR_ACCESS_DENIED 0 >>>> Vary: Accept-Language >>>> Content-Language: en >>>> Cache-Status: Lee_Family.home.arpa >>>> Cache-Status: Lee_Family.home.arpa;detail=no-cache >>>> Connection: close >>>> >>>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" >>>> "http://www.w3.org/TR/html4/strict.dtd";> >>>> <html><head> >>>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software >>>> Foundation and contributors"> >>>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> >>>> <title>ERROR: The requested URL could not be retrieved</title> >>>> <style type="text/css"><!-- >>>> /* >>>> * Copyright (C) 1996-2023 The Squid Software Foundation and contributor >>>> >>>> Shell Output - squidclient -v -U admin -W REDACTED /squid-internal-mgr/info >>>> Request: >>>> GET /squid-internal-mgr/info HTTP/1.0 >>>> User-Agent: squidclient/6.6 >>>> Accept: */* >>>> Authorization: Basic YWRtaW46R09Qc3lzdGVtYWRtaW4xIQ== >>>> Connection: close >>>> >>>> >>>> . >>>> HTTP/1.1 403 Forbidden >>>> Server: squid >>>> Mime-Version: 1.0 >>>> Date: Thu, 11 Jul 2024 17:56:48 GMT >>>> Content-Type: text/html;charset=utf-8 >>>> Content-Length: 3788 >>>> X-Squid-Error: ERR_ACCESS_DENIED 0 >>>> Vary: Accept-Language >>>> Content-Language: en >>>> Cache-Status: Lee_Family.home.arpa >>>> Cache-Status: Lee_Family.home.arpa;detail=no-cache >>>> Connection: close >>>> >>>> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" >>>> "http://www.w3.org/TR/html4/strict.dtd";> >>>> <html><head> >>>> <meta type="copyright" content="Copyright (C) 1996-2023 The Squid Software >>>> Foundation and contributors"> >>>> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> >>>> <title>ERROR: The requested URL could not be retrieved</title> >>>> <style type="text/css"><!-- >>>> /* >>>> * Copyright (C) 1996-2023 The Squid Software Foundation and contributors >>>> Tested both and they also failed >>>> >>>>> On Jul 11, 2024, at 10:27, Jonathan Lee <jonathanlee...@gmail.com> wrote: >>>>> >>>>> Thanks what about the password is it set with@ or -p where would I place >>>>> that? >>>>> Sent from my iPhone >>>>> >>>>>> On Jul 11, 2024, at 10:17, Amos Jeffries <squ...@treenet.co.nz> wrote: >>>>>> >>>>>> >>>>>>> On 11/07/24 06:08, Alex Rousskov wrote: >>>>>>> On 2024-07-10 12:55, Jonathan Lee wrote: >>>>>>>>> Embedding a password in a cache manager command requires providing a >>>>>>>>> username with -U >>>>>>>> squidclient -w /squid-internal-mgr/info -u admin >>>>>>>> squidclient -w /squid-internal-mgr/info@redacted -u admin >>>>>>>> squidclient -w >>>>>>>> http://192.168.1.1:3128/squid-internal-mgr/info@redacted -u admin >>>>>>>> squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info@redacted >>>>>>>> -u admin >>>>>>>> squidclient -w http://127.0.0.1:3128/squid-internal-mgr/info >>>>>>>> squidclient http://127.0.0.1:3128/squid-internal-mgr/info >>>>>>>> squidclient -h 127.0.0.1:3128/squid-internal-mgr/info >>>>>>>> squidclient -h 127.0.0.1 /squid-internal-mgr/info >>>>>>>> squidclient -h 127.0.0.1 /squid-internal-mgr/info@redcated >>>>>>>> squidclient -w 127.0.0.1 /squid-internal-mgr/info@redacted >>>>>>>> squidclient -w 127.0.0.1 /squid-internal-mgr/info@redcated -u admin >>>>>>>> squidclient -h 192.168.1.1:3128 /squid-internal-mgr/info@redacted >>>>>>>> squidclient -h 192.168.1.1 /squid-internal-mgr/info@redacted >>>>>>>> squidclient -h 192.168.1.1 /squid-internal-mgr/info >>>>>>>> >>>>>>>> with -w -u -h http spaces I can’t get it to show me stats >>>>>>>> >>>>>>>> Squid 6.6 >>>>>>> I do not know whether this mistake is relevant, but squidclient >>>>>>> documentation and error message imply that you should be using "-U" >>>>>>> (capital letter U) while you are using "-u" (small letter u). >>>>>> >>>>>> >>>>>> It is very relevant. As Matus already mentioned, both -U and -W. >>>>>> >>>>>> >>>>>> squidclient -v -U admin -W cachemgr_password mgr:info >>>>>> Request: >>>>>> GET http://localhost:3128/squid-internal-mgr/info HTTP/1.0 >>>>>> Host: localhost:3128 >>>>>> User-Agent: squidclient/6.10 >>>>>> Accept: */* >>>>>> Authorization: Basic YWRtaW46Y2FjaGVtZ3JfcGFzc3dvcmQ= >>>>>> Connection: close >>>>>> >>>>>> >>>>>> squidclient -v -U admin -W cachemgr_password /squid-internal-mgr/info >>>>>> Request: >>>>>> GET /squid-internal-mgr/info HTTP/1.0 >>>>>> Host: localhost:3128 >>>>>> User-Agent: squidclient/6.10 >>>>>> Accept: */* >>>>>> Authorization: Basic YWRtaW46Y2FjaGVtZ3JfcGFzc3dvcmQ= >>>>>> Connection: close >>>>>> >>>>>> >>>>>> Cheers >>>>>> Amos >>>>>> _______________________________________________ >>>>>> squid-users mailing list >>>>>> squid-users@lists.squid-cache.org >>>>>> https://lists.squid-cache.org/listinfo/squid-users >>>> >>> >> >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org https://lists.squid-cache.org/listinfo/squid-users
