Yes, you are sure. Squid was build with parameter '--disable-ipv6'. Below you could see the full list of compile options:
# squid -v
Squid Cache: Version 3.5.21
Service Name: squid
configure options:  '--prefix=/usr' '--with-logdir=/var/log/squid/' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--sysconfdir=/etc/squid' '--with-default-user=squid' '--disable-ipv6' '--with-filedescriptors=32768' '--enable-default-err-language=Russian' '--enable-err-languages=Russian' '--enable-delay-pools' --enable-ltdl-convenience
Also you could see my hosts-file and configuration file (Thanks Antony Stone for interesting command!):
# more /etc/hosts   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6  uis-proxy-rop.office.***.corp   uis-proxy-rop   UIS-PROXY-ROP
# grep ^[^#] /etc/squid/squid.conf
visible_hostname uis-proxy-rop.office.***.corp
httpd_suppress_version_string on
cache_mgr admins@usk.***.ru
error_directory /usr/share/errors/ru
max_filedesc 32768
access_log daemon:/var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
http_port 3128
cache deny all
coredump_dir /var/cache/squid
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=OFFICE  --kerberos /usr/lib/squid/negotiate_kerberos_auth -s HTTP/uis-proxy-rop.office.***.corp@OFFICE.***.CORP
auth_param negotiate children 500 startup=250 idle=50
auth_param negotiate keep_alive on
auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=OFFICE
auth_param ntlm children 80 startup=55 idle=25
auth_param ntlm keep_alive on
auth_param basic program /usr/lib/squid/basic_ldap_auth -R -D squidreader@office.***.corp -w *** -b "DC=office,DC=***,DC=corp" -f  "sAMAccountName=%s" -H ldap://UISDC3.office.***.corp -Z -d
auth_param basic children 40 startup=15 idle=10
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
external_acl_type memberof children-max=500 children-startup=250 %LOGIN /usr/lib/squid/ext_ldap_group_acl -R -K -b "dc=office,dc=***,dc=corp" -D squidreader@office.***.corp -w Qq123456 -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=internet,ou=Универсальные_группы,ou=groups,ou=lpk,dc=office,dc=***,dc=corp))" -H ldap://UISDC3.office.***.corp -Z
acl auth proxy_auth REQUIRED
acl FullAccess external memberof Proxy-access-enable-full
acl SupportAccess external memberof Proxy-access-enable-support
acl UsersAccess external memberof Proxy-access-enable-users
acl JobSearchAccess external memberof Proxy-access-enable-job-search
acl MailAccess external memberof Proxy-access-enable-mail
acl PRMAccess external memberof Proxy-access-enable-PRM
acl unauthorized-elite src "/etc/squid/unauthorized-elite.list"
acl unauthorized src "/etc/squid/unauthorized.list"
acl local_domains dstdomain "/etc/squid/local_domains.list"
acl local_network dst        # RFC1918 possible internal network
acl local_network dst     # RFC1918 possible internal network
acl local_network dst    # RFC1918 possible internal network
acl servers_network src
deny_info Error_Terminal.html servers_network
acl Passport_quality url_regex*
acl SKAUT_ADDR dst
acl SKAUT_PORT port 22424-22436 81
acl VED-declarant_DOMAIN dstdomain .ed2inteh.ctm.ru .nposapfir.ru
acl AutoGraph_DOMAIN dstdomain .m.tk-chel.ru
acl clicksys_ru_ADDR dstdomain clicksys.ru
acl miflib_ru_DOMAIN dstdomain .***.miflib.ru
acl education_PRM_DOMAIN dstdomain .***.ispringonline.com
acl webmail_domains dstdomain "/etc/squid/banlist/webmail_domains.list"
acl webmail_urls url_regex "/etc/squid/banlist/webmail_urls.list"
acl mail_domains dstdomain "/etc/squid/banlist/mail_domains.list"
acl mail_urls url_regex "/etc/squid/banlist/mail_urls.list"
deny_info Error_Webmail.html webmail_domains webmail_urls mail_domains mail_urls
acl jobsearch_domains dstdomain "/etc/squid/banlist/jobsearch_domains.list"
deny_info Error_Job.html jobsearch_domains
acl remote dstdomain "/etc/squid/banlist/remote.list"
deny_info Error_Remote.html remote
acl vari dstdomain "/etc/squid/banlist/vari.list"
deny_info Error_Vari.html vari
acl porno dstdomain "/etc/squid/banlist/porno.list"
deny_info Error_Vari.html porno
deny_info Error_Users.html all
http_access allow localhost manager
http_access deny manager
http_access allow local_domains
http_access allow local_network
http_access allow unauthorized-elite
http_access allow Passport_quality
http_access allow SKAUT_ADDR SKAUT_PORT
http_access allow VED-declarant_DOMAIN
http_access allow AutoGraph_DOMAIN
http_access allow UIS-AUDITMODERN_ADDR clicksys_ru_ADDR
http_access allow miflib_ru_DOMAIN
http_access deny unauthorized webmail_domains
http_access deny unauthorized webmail_urls
http_access deny unauthorized mail_domains
http_access deny unauthorized mail_urls
http_access deny unauthorized jobsearch_domains
http_access deny unauthorized remote
http_access deny unauthorized vari
http_access deny unauthorized porno
http_access allow unauthorized
http_access deny servers_network
http_access deny !auth
http_access allow FullAccess
http_access allow MailAccess webmail_domains
http_access allow MailAccess webmail_urls
http_access allow MailAccess mail_domains
http_access allow MailAccess mail_urls
http_access deny all webmail_domains
http_access deny all webmail_urls
http_access deny all mail_domains
http_access deny all mail_urls
http_access allow JobSearchAccess jobsearch_domains
http_access deny all jobsearch_domains
http_access allow SupportAccess vari
http_access deny all vari
http_access allow PRMAccess education_PRM_DOMAIN
http_access deny all remote
http_access deny all porno
http_access allow UsersAccess
http_access deny all
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
I don't use IPv6 on my server and localhost resolve normally.
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:15:5d:b1:d9:00 brd ff:ff:ff:ff:ff:ff
    inet brd scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::215:5dff:feb1:d900/64 scope link
       valid_lft forever preferred_lft forever
# nslookup localhost
Name:   localhost
# ping -c 1 localhost
PING localhost ( 56(84) bytes of data.
64 bytes from localhost ( icmp_seq=1 ttl=64 time=0.051 ms
--- localhost ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.051/0.051/0.051/0.000 ms
And I tried to execute squidclient without specifying localhost. But I got a mistake again:
# squidclient mgr:info
stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build parameters.
HTTP/1.1 403 Forbidden
Server: squid
Mime-Version: 1.0
Date: Thu, 13 Oct 2016 02:09:02 GMT
Best regards, Misha.
11.10.2016, 14:59, "Amos Jeffries" <squ...@treenet.co.nz>:

On 11/10/2016 4:54 p.m., Михаил wrote:

 I check version of squid 3.5.21 with my configuration and I faced with a
 problem. Early I used in version 3.5.12 this line for connect localhost, but now
 it doesn't work.

Order is important. Where you place the rules in squid.conf matters a
lot with regards to whether they are actually useful and do what you
want, or not.

 # squid.conf
 http_access allow localhost manager
 http_access deny manager
 # squidclient -p 3128 -h localhost mgr:info
 HTTP/1.1 403 Forbidden
 Server: squid
 Mime-Version: 1.0
 Date: Tue, 11 Oct 2016 03:42:54 GMT


 If I set a full access I could connect to localhost.


 # squid.conf
 http_access allow all
 http_access deny manager

So what IP address(es) does 'localhost' resolve to?

 # squidclient -p 3128 -h localhost mgr:info
 stub time| WARNING: BCP 177 violation. IPv6 transport forced OFF by build

I know you said in a followup to ignore this. But it may be important.

It shows that squidclient was built with --disable-ipv6, and yet your
system is IPv6-enabled.

The name "localhost" for IPv6-enabled systems is ::1.

A squid binary that is built with --disable-ipv6 will not permit ::1
since it is non-IP4. But it will be recognized as part of "all" IP space.


 HTTP/1.1 200 OK
 Server: squid
 Mime-Version: 1.0
 Date: Tue, 11 Oct 2016 03:47:36 GMT
 What is happend? And what is the right way to connect to cache_management from

squidclient defaults to localhost and port 3128 for management access to
Squid. Just use:

  squidclient mgr:info


squid-users mailing list

squid-users mailing list

Reply via email to