[squid-users] cachemgr.cgi problem

From: Raj <[email protected]>
Date: Mon, 6 Mar 2006 15:02:10 +1100

Hi All,

I have been struggling to configure cachemgr.cgi on my squid
(2.5STABLE 10) server. It works fine if I disable NTLM authentication.
If I enable NTLM authentication I am not able to access the
cachemgr.cgi web page. It says access denied. Then I did a diff on
the squid.auth.conf file (NTLM enabled config) and squid.noauth.conf (NTLM
disabled config). I am not able to figure out which ACL is denying me
access when I try to access the cachemgr.cgi web page:

diff squid.auth.conf squid.noauth.conf

< #cache_peer 172.161.195 parent 3128 0 weight=15 no-digest proxy-only
< #cache_peer 172.161.67 parent 3128 0 weight=10 no-digest proxy-only
446d443
< no_cache deny ifrmarkets
448a446
> no_cache deny ifrmarkets
485a484
> #cache_mem 256 MB
682a682
> #cache_dir ufs /var/squid/cache 5120 16 256
1191c1191
< auth_param basic children 50

---
> auth_param basic children 50
1296,1297c1296
< #external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN
/usr/local/squid/libexec/wbinfo_group.pl
< external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN
/opt/squid/libexec/wbinfo_group.pl
---
> external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl
1711,1713d1709
< acl deny_web_group external wbinfo_group_helper restricted1
< http_access deny deny_web_group
<
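Review bot: `http_access deny deny_web_group` at 1711-1713 exists only in the NTLM config and sits ahead of the manager rules at 1767, so it is the first rule to check for the cachemgr.cgi denial. The `wbinfo_group_helper` type is defined with `%LOGIN`, so Squid needs an authenticated user name before it can evaluate this ACL, and a request that arrives without credentials, such as one from cachemgr.cgi, is challenged here instead of reaching the manager rules. Suggest moving the manager allow/deny block above this line so manager requests are decided before any rule that needs a login.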
1730d1725
< acl Safe_ports port 20001     # TBGW
1732a1728
> acl Safe_ports port 20001     # TBGW server
1743,1744c1739
< #     NOT
< # on default values:
---
> #     NOTE on default values:
1764,1765c1759,1760
< acl ausv-00002 src 172.16.11.150/255.255.255.255
< acl CMGR src 172.16.0.0/255.255.0.0
---
> acl ausv-00002 src 172.16.11.150/32
> acl CMGR src 172.16.0.0/16
1767d1761
< http_access deny manager !localhost !ausv-00002 !CMGR !ausv-00001
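Review bot: The single `http_access deny manager !localhost !ausv-00002 !CMGR !ausv-00001` line only ever denies. ACLs on one line are ANDed, so it blocks manager requests from outside all four sources but grants nothing to the sources inside them, and those requests carry on to whichever rule matches next. The explicit form in the other file (one `http_access allow manager` line per source, then `http_access deny manager`) settles manager requests on the spot and is the form to keep in the NTLM config. Separately, ausv-00002 (172.16.11.150) already falls inside CMGR (172.16.0.0/16), so listing both is redundant.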
1768a1763,1767
> http_access allow manager localhost
> http_access allow manager ausv-00001
> http_access allow manager ausv-00002
> http_access allow manager CMGR
> http_access deny manager
1769a1769
>
1774,1780d1773
<
<
< http_access allow localhost
< http_access allow ausv-00001
< http_access allow ausv-00002
< http_access allow CMGR
<
1792c1785
< acl NOAUTH src 172.16.69.14/32 172.16.70.204/32 172.16.78.20/32
172.16.78.37/32 172.16.78.39/32 172.16.100.68/32 172.16.70.64/32
172.16.117.192/32 172.16.11.150/32 10.185.234.13/32
---
> acl NOAUTH src 172.16.69.14/32 172.16.70.204/32 172.16.78.20/32 172.16.78.37/32 172.16.78.39/32 172.16.100.68/32
1835d1827
< acl jesse src 172.16.117.192/32
1880a1873,1875
> acl NetOMS-ip5 dst 66.227.81.53/32
> acl NetOMS-ip6 dst 66.227.81.51/32
> acl NetOMS-ip7 dst 66.227.81.52/32
1888d1882
< #acl CAAML dst 62.17.163.240/32
< http_access allow ECI
< http_access allow APH
1904,1906d1892
< #http_access allow CAAML
< http_access allow jesse
< http_access allow TBGW
1919a1906
> ########### JVM NTLM ISSUE RECTIFICATION
1920a1908,1909
> acl java_jvm browser Java/1.4
> http_access allow java_jvm
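Review bot: `acl java_jvm browser Java/1.4` followed by a bare `http_access allow java_jvm` keys an allow rule on the User-Agent header, which the client sets itself, so any request presenting that string is allowed at this point regardless of where it comes from. Suggest combining `java_jvm` with a `src` or `dst` ACL on the same `http_access` line so the exception covers only the hosts or sites that need it.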
1936a1926,1928
> http_access allow NetOMS-ip5
> http_access allow NetOMS-ip6
> http_access allow NetOMS-ip7
1943a1936
> http_access allow AME-3
1954c1947,1948
<
---
> http_access allow TBGW
>
1959a1954
>
1968d1962
< http_access allow Internet
1974,1975c1968,1969
< acl msnoverhttp url_regex -i "/opt/squid/etc/msnoverhttp.txt"
< http_access deny mimeblockq
---
> acl msnoverhttp url_regex -i "/opt/squid/etc/msnoverhttp.txt"
> http_access deny mimeblockq
1995,1997c1989,1991
< http_access allow Allowed-ABC-AU
< http_access allow Allowed-ABC-NZ
< http_access allow au-company AuthorisedUsers
---
> #http_access allow Allowed-ABC-AU
> #http_access allow Allowed-ABC-NZ
> #http_access allow au-company AuthorisedUsers
1999c1993
< #http_access allow au-company
---
> http_access allow au-company
< #http_access allow localhost
---
> http_access allow localhost
2016c2010
< http_access deny all
---
> http_access deny All
2050,2052c2044
< icp_access allow CMGR
< icp_access deny all
< #icp_access deny all
---
> # icp_access deny all
2206d2197
< cache_mgr ap.it.helpdesk@my.company.com

Any help would be really appreciated.
Received on Sun Mar 05 2006 - 21:02:12 MST
