Fwd: [squid-users] cachemgr.cgi authentication issues (HELP!)

From: <[email protected]>
Date: Sat, 31 Jan 2004 20:50:56 -0500

i've asked to be removed countless times. here's another message that
i didn't want. it's really not that hard to remove somebody is it...

This is a forwarded message
From: Bryan Dunn <bryan_dunn@aearo.com>
To: squid-users@squid-cache.org
Date: Friday, January 30, 2004, 11:41:09 AM
Subject: [squid-users] cachemgr.cgi authentication issues (HELP!)

===8<==============Original message text===============
Hello fellow squidders!

I have been searching through the faq's and mailing list archives for 3
days now with no success. I am trying to use cachemgr.cgi and I am
getting "Cache Access Denied." I have tried changing around my acl's,
and even when "all" has permission to access manager, I can't get it to
work (from the localhost or anywhere else). After turning on debugging,
I am seeing this message when I try to access cachemgr.cgi:

2004/01/30 11:33:46| authenticateValidateUser: Validating Auth_user
request '(nil)'.
2004/01/30 11:33:46| authenticateValidateUser: Auth_user_request was NULL!
2004/01/30 11:33:46| The request GET
http://localhost/cgi-bin/cachemgr.cgi is DENIED, because it matched
'auth_users'
2004/01/30 11:33:46| authenticateFixHeader: headertype:34 authuser:(nil)
2004/01/30 11:33:46| authenticateFixErrorHeader: Sending type:34 header:
'Basic
realm="Squid proxy-caching web server"'

I am using ldap to force my users to authenticate via a novell server,
but I'm not sure if that is causing the issue. Can someone point me in
the right direction?

(Here's some snippets of my squid.conf)

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow manager server
http_access allow manager auth_users
http_access deny manager
http_access allow ourhosts
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

----------------

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl server src 204.126.212.253/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 204.126.0.0/255.255.0.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl auth_users proxy_auth REQUIRED

-- 
Bryan Dunn
Systems Administrator
Aearo Company
508-764-5239
===8<===========End of original message text===========
-- 
Best regards,
 mortbox                            mailto:mortbox@gamebox.net
Received on Sat Jan 31 2004 - 19:46:27 MST

This archive was generated by hypermail pre-2.1.9 : Sun Feb 01 2004 - 12:00:11 MST