First Last Prev Next    This bug is not in your last search results.
Bug 51885 - Access to squid cache_object from localhost won't work with default configuration
Access to squid cache_object from localhost won't work with default configura...
Status: NEW
Product: UCS
Classification: Unclassified
Component: Squid
UCS 4.4
Other All
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-08-21 16:01 CEST by Stephan Hendl
Modified: 2020-08-21 16:18 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.034
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?: Yes
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): External feedback, Usability
Max CVSS v3 score:
best: Patch_Available+

Attachments
Patch for squid.conf template (481 bytes, patch)
2020-08-21 16:01 CEST, Stephan Hendl 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stephan Hendl 2020-08-21 16:01:54 CEST 
Created attachment 10464 [details]
Patch for squid.conf template

During testing the "check_squid" script from https://github.com/DinoTools/monitoring-check_squid it came out that with the default order of acl in the squid.conf file the cache_object won't be accessible neither from localhost nor from other networks. The error message in /var/log/squid/access.log is

127.0.0.1 TCP_MISS/200 2614 GET cache_object://127.0.0.1/info - HIER_NONE/- text/plain

The solution is to move the line

http_access deny !web_ports

in the squid.conf file two lines lower.

print("http_access allow localhost manager")
print("http_access deny manager")
print("http_access deny !web_ports")

I've uploaded a patch for the /etc/univention/templates/files/etc/squid/squid.conf template.
First Last Prev Next    This bug is not in your last search results.