[squid-users] cachemgr.cgi authentication issues (HELP!)

Fri, 30 Jan 2004 09:46:03 -0800

Hello fellow squidders!

I have been searching through the faq's and mailing list archives for 3 days now with no success. I am trying to use cachemgr.cgi and I am getting "Cache Access Denied." I have tried changing around my acl's, and even when "all" has permission to access manager, I can't get it to work (from the localhost or anywhere else). After turning on debugging, I am seeing this message when I try to access cachemgr.cgi:

2004/01/30 11:33:46| authenticateValidateUser: Validating Auth_user request '(nil)'.
2004/01/30 11:33:46| authenticateValidateUser: Auth_user_request was NULL!
2004/01/30 11:33:46| The request GET http://localhost/cgi-bin/cachemgr.cgi is DENIED, because it matched 'auth_users'
2004/01/30 11:33:46| authenticateFixHeader: headertype:34 authuser:(nil)
2004/01/30 11:33:46| authenticateFixErrorHeader: Sending type:34 header: 'Basic
realm="Squid proxy-caching web server"'

I am using ldap to force my users to authenticate via a novell server, but I'm not sure if that is causing the issue. Can someone point me in the right direction?

(Here's some snippets of my squid.conf)

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access allow manager server
http_access allow manager auth_users
http_access deny manager
http_access allow ourhosts
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend to uncomment the following to protect innocent
# web applications running on the proxy server who think that the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

----------------

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl server src 204.126.212.253/255.255.255.255
acl all src 0.0.0.0/0.0.0.0
acl ourhosts src 204.126.0.0/255.255.0.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
acl auth_users proxy_auth REQUIRED

--
Bryan Dunn
Systems Administrator
Aearo Company
508-764-5239

Reply via email to