Cachemgr.cgi -- access denied

From: Francis Vidal <[email protected]>
Date: Sat, 24 May 1997 09:20:15 +0800 (HKT)

hello squidders!

i had a hard time making cachemgr.cgi work. i installed squid 1.1.9 on my
system (linux 2.0.30). here's my squid.conf file:

---BEGIN squid.conf---

cache_host cit.lasaltech.com sibling 3128 3130
cache_host cebu.mozcom.com sibling 8080 3130
cache_host proxy-s.mozcom.com parent 8088 3130
cache_host proxy-m.mozcom.com parent 8088 3130

local_domain usls.edu

source_ping on

hierarchy_stoplist cgi-bin ?
cache_stoplist cgi-bin ?

cache_mem 32
cache_swap 4026
cache_dir /cache
cache_store_log none
pid_filename /var/run/squid.pid
debug_options ALL,1
ftp_user squid@proxy.usls.edu

refresh_pattern/i \.mov$ 10080 90% 43200
refresh_pattern/i \.qtm$ 10080 90% 43200
refresh_pattern/i \.mid$ 10080 90% 43200
refresh_pattern/i \.wav$ 10080 90% 43200
refresh_pattern/i \.viv$ 4320 90% 43200
refresh_pattern/i \.mpg$ 4320 90% 43200
refresh_pattern/i \.gif$ 10080 90% 43200
refresh_pattern/i \.jpg$ 10080 90% 43200
refresh_pattern ^http:// 240 40% 20160
refresh_pattern ^ftp:// 240 50% 20160
refresh_pattern ^gopher:// 240 40% 20160
refresh_pattern /cgi-bin/ 0 0% 30
refresh_pattern . 240 40% 20160

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

acl SSL_ports port 443 563
acl Dangerous_ports port 7 9 19
acl CONNECT method CONNECT

acl MyClients src 202.47.133.35-202.47.133.46/255.255.255.240

# Only allow access to the cache manager functions from the local host.
http_access deny manager !localhost
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports

# Allow everything else
http_access allow MyClients

# Reply to all ICP queries we receive
icp_access allow MyClients

miss_access allow all

cache_mgr webmaster@usls.edu
cache_effective_user nobody nogroup
visible_hostname proxy.usls.edu

cachemgr_passwd <password> all

---END squid.conf---

i'm connected to my ISP via a 64K leased line. my ISP is connected via
256K leased line to a switch... from the switch, 512K leased line to the
main ISP... the main ISP has 3 proxies connected to MCI and Sprint.

as you can see from squid.conf, squid is running as nobody.nogroup
... what is the main advantage of this? why can't i access the information
from cachemgr.cgi?

here's some more info...

../bin
================

-rwxr-xr-x 1 root root 724 Apr 25 10:51 RunAccel*
-rwxr-xr-x 1 root root 672 Apr 25 10:51 RunCache*
-rwxr-xr-x 1 root root 68170 Apr 25 10:51 client*
-rwxr-xr-x 1 root root 22725 Apr 25 10:51 dnsserver*
-rwxr-xr-x 1 root root 144168 Apr 25 10:51 ftpget*
-rwxr-xr-x 1 root root 1002409 Apr 25 10:51 squid*
-rwxr-xr-x 1 root root 11261 Apr 25 10:51 unlinkd*

../etc
===============

-rw-r--r-- 1 root root 40169 May 24 08:59 squid.conf
-rw-r--r-- 1 root root 39219 Apr 25 10:51 squid.conf.default

../logs
===============

-rw-r----- 1 nobody nogroup 3702187 May 24 09:02 access.log
-rw-r----- 1 nobody nogroup 243657 May 24 08:59 cache.log

../cgi-bin
===============

-rwxr-xr-x 1 root root 57205 Apr 25 10:51 cachemgr.cgi*
Received on Sat May 24 1997 - 18:29:09 MDT
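
How the http_access lines in the posted squid.conf evaluate for a cache manager (cache_object) request, as an added example that is not part of the original post. It assumes Squid's documented rule semantics (ACLs on one line are ANDed, the first matching line decides, and with no match the default is the opposite of the last line); the sample requests, the port 3128 and all helper names are constructed for illustration.

```python
import ipaddress

def in_range(ip, lo, hi):
    # Simplification: literal address range only; the netmask in the post is ignored.
    return ipaddress.ip_address(lo) <= ipaddress.ip_address(ip) <= ipaddress.ip_address(hi)

# ACL definitions transcribed from the squid.conf in the post.
ACLS = {
    "manager":         lambda r: r["proto"] == "cache_object",
    "localhost":       lambda r: r["src"] == "127.0.0.1",
    "SSL_ports":       lambda r: r["port"] in (443, 563),
    "Dangerous_ports": lambda r: r["port"] in (7, 9, 19),
    "CONNECT":         lambda r: r["method"] == "CONNECT",
    "MyClients":       lambda r: in_range(r["src"], "202.47.133.35", "202.47.133.46"),
}

# http_access lines in the order they appear in the post.
HTTP_ACCESS = [
    ("deny",  ["manager", "!localhost"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("deny",  ["Dangerous_ports"]),
    ("allow", ["MyClients"]),
]

def term_matches(term, req):
    # A leading "!" negates the named ACL.
    if term.startswith("!"):
        return not ACLS[term[1:]](req)
    return ACLS[term](req)

def evaluate(req, rules=HTTP_ACCESS):
    """Return (action, reason) for one request under first-match evaluation."""
    for action, terms in rules:
        if all(term_matches(t, req) for t in terms):
            return action, "http_access %s %s" % (action, " ".join(terms))
    # Assumed default when nothing matches: the opposite of the last line.
    last = rules[-1][0]
    return ("deny" if last == "allow" else "allow"), "no match, opposite of last line"

def mgr(src):
    # Constructed cache manager request; port 3128 is an assumed value.
    return {"proto": "cache_object", "method": "GET", "port": 3128, "src": src}

if __name__ == "__main__":
    for src in ("127.0.0.1", "202.47.133.40", "10.1.2.3"):
        print(src, evaluate(mgr(src)))
```

Under these assumptions a cache_object request from 127.0.0.1 passes the first deny line but matches no allow line, so it falls through to the default; one from a MyClients address is stopped by the first line.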
