On 18/04/18 08:50, James Moe wrote:
> squid v3.5.21
> linux v4.4.120-45-default x86_64
> The "manager" is suddenly denied access. I am not aware of any recent
> updates. This did work 3 days ago.
> Is the ACL correct?
Maybe, maybe not.
> acl manager_admin src 192.168.69.115
Yet you have two other localnet ranges this machine can potentially be
[ please keep replies on-list so others having this problem can also get
On 19/04/18 05:39, James Moe wrote:
> On 04/18/2018 12:08 AM, Amos Jeffries wrote:
>> For better ideas look at what your access.log states when the manager
>> report is attempted.
> I commented the IPv6 "localnet" ACLs, reloaded squid.
> Still denied access. I do not see any new information here:
> 1524072494.191 1 192.168.69.246 TCP_DENIED/403 4361 GET
> http://sma-server3:3128/squid-internal-mgr/info - HIER_NONE/- text/html
> 1524072494.193 5508 192.168.69.115 TCP_MISS/403 4469 GET
> http://proxy1.sma.com:3128/squid-internal-mgr/info -
> HIER_DIRECT/192.168.69.246 text/html
To get any type of access to Squid internal resources working properly
you need both Squid and the external tools to be aware of what its
machine's hostname is AND that hostname to be publicly resolvable -
meaning it also has to be an FQDN.
- for the icons ANY receiving Squid can (and usually will) respond if
it has the relevant icon.
- for manager reports ONLY the individual proxy targeted by the URL
will respond with a successful report. The reasons for that should be
Be aware that any tools running on the localhost will probably still use
the machine's hostname and may now appear to be broken when they "worked"
before. Those directives in squid.conf are _workarounds_ not fixes.
> I see you have a forwarding loop:
> 192.168.69.115 -> Squid -> 192.168.69.246 -> Squid -> DENIED.
> That 192.168.69.115 is trying to fetch "http://proxy1.sma.com". But the
> Squid appears to think its hostname is "sma-server3".
It would seem the proxy configuration for opensuse LEAP 42.3 is a bit,
um, defective. I have the local domain listed as do-not-proxy; yet it
Using a browser with the same proxy configuration, a manual config,
moe dot james at sohnen-moe dot com
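
The forwarding loop discussed in this thread can be found mechanically in access.log: a manager request that Squid forwarded instead of answering itself, paired with a TCP_DENIED entry whose client is the address it was forwarded to. The following is an added example, not code from any message in the thread; it assumes Squid's native access.log format, and the function names and the 10-second matching window are hypothetical choices.

```python
import re
from urllib.parse import urlsplit

# Squid native access.log: time elapsed client code/status bytes method URL user hier/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<user>\S+)\s+(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<ctype>\S+)$"
)
MGR_PATH = "/squid-internal-mgr/"

def parse(lines):
    """Yield one dict per well-formed log line that targets a manager report."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and MGR_PATH in m["url"]:
            yield m.groupdict()

def find_manager_loops(lines, window=10.0):
    """Pair a forwarded manager request with the denial it caused at its peer."""
    entries = list(parse(lines))
    findings = []
    for fwd in entries:
        if fwd["hier"] == "HIER_NONE":   # answered or rejected locally, not forwarded
            continue
        for inner in entries:
            if (inner["code"] == "TCP_DENIED"
                    and inner["client"] == fwd["peer"]
                    and urlsplit(inner["url"]).path == urlsplit(fwd["url"]).path
                    and abs(float(inner["ts"]) - float(fwd["ts"])) <= window):
                findings.append({
                    "client": fwd["client"],
                    "requested_host": urlsplit(fwd["url"]).hostname,
                    "forwarded_to": fwd["peer"],
                    "denied_host": urlsplit(inner["url"]).hostname,
                })
    return findings

# The two entries quoted in the thread, re-joined onto one line each.
SAMPLE = [
    "1524072494.191 1 192.168.69.246 TCP_DENIED/403 4361 GET "
    "http://sma-server3:3128/squid-internal-mgr/info - HIER_NONE/- text/html",
    "1524072494.193 5508 192.168.69.115 TCP_MISS/403 4469 GET "
    "http://proxy1.sma.com:3128/squid-internal-mgr/info - HIER_DIRECT/192.168.69.246 text/html",
]

if __name__ == "__main__":
    for f in find_manager_loops(SAMPLE):
        print("{client} asked for {requested_host}; Squid forwarded to "
              "{forwarded_to}, which denied it as {denied_host}".format(**f))
```

A finding where `requested_host` and `denied_host` differ is the hostname mismatch described in the thread: the proxy did not recognise the requested name as its own.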