pfSense » pfSense Packages

this is part of status_squid.php

this calls /usr/local/sbin/squidclient with the older URI scheme
to access mgr:info

@function squid_status() {
if (is_service_running('squid')) {
init_config_arr(array('installedpackages', 'squidcache','config'));
$proxy_ifaces = explode(",", config_get_path('installedpackages/squid/config/0/active_interface', ''));
foreach ($proxy_ifaces as $iface) {
if (get_interface_ip($iface)) {
$ip = get_interface_ip($iface);
$lip = '127.0.0.1';
} else {
$ip = get_interface_ipv6($iface);
$lip = '::1';
}
exec("/usr/local/sbin/squidclient -l " . escapeshellarg($lip) .
" -h " . escapeshellarg($ip) . " mgr:info", $result);
}
} else {
return(gettext('Squid Proxy is not running.'));
}
$i = 0;
$matchbegin = "Squid Object Cache";
foreach ($result as $line) {
if (preg_match("/{$matchbegin}/", $line)) {
$begin = $i;
}
$i++;
}

$output = "";
    $i = 0;

foreach ($result as $line) {
        if ($i >= $begin) {
            $output .= $line . "\n";
        }
        $i++;
    }
    return $output;
}    @

this is using the old version here with mgr:info

squidclient mgr:info

no longer works this should be changed to reflect the new use with

squidclient -h 127.0.0.1 -p 3128 mgr:info shows access denined

@
You do have direct proxy (and thus manager) access via the 192.168.1.1:3128 so this URL should work:
http://192.168.1.1:3128/squid-internal-mgr/menu

.. or substitute the raw-IP for the visible_hostname setting if that hostname actually resolves to that IP.

HTH
Amos@

I think this should be
should be changed to reflect squid-internal-mgr:info

I am going to test

Researching with Squid Email support in Squid 6.6

On 2024-07-18 00:55, Jonathan Lee wrote:

curl http://localhost:3128/squid-internal-mgr/info Where would I place the password?

See "man curl" or online manual pages for curl. They will point you to two relevant options: --user and --proxy-user. AFAICT, your particular cache manager requests are sent to the proxy (as if it were an origin server) rather than through the proxy. Thus, you should use --user.

As I keep saying on this thread, due to Squid complications related to Bug 5283, specifying seemingly correct client parameters may not be enough to convince Squid to accept the cache manager request. I recommend the following procedure:

1. List the corresponding http_port directive first, before any other http_port, https_port, and ftp_port directives. Do not use interception of any kind for this cache manager port.

2. Use curl with absolute squid-internal-mgr URLs with http scheme (like you show above). Do not use "curl --proxy" or similar. Do not use https scheme.

3. In that absolute mgr URL, use the host name that matches visible_hostname in squid.conf. If you do not have visible_hostname in squid.conf, add it. This is not required, but, due to Squid bugs, it is often much easier to get this to work with visible_hostname than without it.

4. Make (passwordless) mgr:info use case working first, before trying to get password-protected pages working.

5. When you do specify a username and a password, remember that you are sending this request to an (equivalent of) a service running on an origin server, not a proxy (hence --user rather than --proxy-user).

If you cannot figure it out despite carefully going through the above steps, share (privately if needed) a pointer to compressed ALL,9 cache.log while reproducing the problem with throw-away credentials on an idle Squid with a single curl request. Mention which step you got stuck on.

HTH,

Alex.