Hi All,
I have been struggling to configure cachemgr.cgi on my squid
(2.5STABLE 10) server. It works fine if I disable NTLM authentication.
If I enable NTLM authentication I am not able to access the
cachemgr.cgi web page. It says access denied. Then I did a diff on
squid.auth.conf file (NTLM enabled config) and squid.noauth.conf (NTLM
disabled config). I am not able to figure which ACL is denying me
access when I try to access the cachemgr.cgi web page:
diff squid.auth.conf squid.noauth.conf
< #cache_peer 172.161.195 parent 3128 0 weight=15 no-digest proxy-only
< #cache_peer 172.161.67 parent 3128 0 weight=10 no-digest proxy-only
446d443
< no_cache deny ifrmarkets
448a446
> no_cache deny ifrmarkets
485a484
> #cache_mem 256 MB
682a682
> #cache_dir ufs /var/squid/cache 5120 16 256
1191c1191
< auth_param basic children 50
--- > auth_param basic children 50 1296,1297c1296 < #external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl < external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN /opt/squid/libexec/wbinfo_group.pl --- > external_acl_type wbinfo_group_helper ttl=900 children=125 %LOGIN /usr/local/squid/libexec/wbinfo_group.pl 1711,1713d1709 < acl deny_web_group external wbinfo_group_helper restricted1 < http_access deny deny_web_group < 1730d1725 < acl Safe_ports port 20001 # TBGW 1732a1728 > acl Safe_ports port 20001 # TBGW server 1743,1744c1739 < # NOT < # on default values: --- > # NOTE on default values: 1764,1765c1759,1760 < acl ausv-00002 src 172.16.11.150/255.255.255.255 < acl CMGR src 172.16.0.0/255.255.0.0 --- > acl ausv-00002 src 172.16.11.150/32 > acl CMGR src 172.16.0.0/16 1767d1761 < http_access deny manager !localhost !ausv-00002 !CMGR !ausv-00001 1768a1763,1767 > http_access allow manager localhost > http_access allow manager ausv-00001 > http_access allow manager ausv-00002 > http_access allow manager CMGR > http_access deny manager 1769a1769 > 1774,1780d1773 < < < http_access allow localhost < http_access allow ausv-00001 < http_access allow ausv-00002 < http_access allow CMGR < 1792c1785 < acl NOAUTH src 172.16.69.14/32 172.16.70.204/32 172.16.78.20/32 172.16.78.37/32 172.16.78.39/32 172.16.100.68/32 172.16.70.64/32 172.16.117.192/32 172.16.11.150/32 10.185.234.13/32 --- > acl NOAUTH src 172.16.69.14/32 172.16.70.204/32 172.16.78.20/32 172.16.78.37/32 172.16.78.39/32 172.16.100.68/32 1835d1827 < acl jesse src 172.16.117.192/32 1880a1873,1875 > acl NetOMS-ip5 dst 66.227.81.53/32 > acl NetOMS-ip6 dst 66.227.81.51/32 > acl NetOMS-ip7 dst 66.227.81.52/32 1888d1882 < #acl CAAML dst 62.17.163.240/32 < http_access allow ECI < http_access allow APH 1904,1906d1892 < #http_access allow CAAML < http_access allow jesse < http_access allow TBGW 1919a1906 > ########### JVM NTLM ISSUE RECTIFICATION 1920a1908,1909 > acl java_jvm browser Java/1.4 > http_access allow java_jvm 1936a1926,1928 > http_access allow NetOMS-ip5 > http_access allow NetOMS-ip6 > http_access allow NetOMS-ip7 1943a1936 > http_access allow AME-3 1954c1947,1948 < --- > http_access allow TBGW > 1959a1954 > 1968d1962 < http_access allow Internet 1974,1975c1968,1969 < acl msnoverhttp url_regex -i "/opt/squid/etc/msnoverhttp.txt" < http_access deny mimeblockq --- > acl msnoverhttp url_regex -i "/opt/squid/etc/msnoverhttp.txt" > http_access deny mimeblockq 1995,1997c1989,1991 < http_access allow Allowed-ABC-AU < http_access allow Allowed-ABC-NZ < http_access allow au-company AuthorisedUsers --- > #http_access allow Allowed-ABC-AU > #http_access allow Allowed-ABC-NZ > #http_access allow au-company AuthorisedUsers 1999c1993 < #http_access allow au-company --- > http_access allow au-company < #http_access allow localhost --- > http_access allow localhost 2016c2010 < http_access deny all --- > http_access deny All 2050,2052c2044 < icp_access allow CMGR < icp_access deny all < #icp_access deny all --- > # icp_access deny all 2206d2197 < cache_mgr ap.it.helpdesk@my.company.com Any help would be really appreciated.Received on Sun Mar 05 2006 - 21:02:12 MST
This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:03 MST