pfSense Plus 25.03 release question
-
This one https://redmine.pfsense.org/issues/15410
-
@stephenw10 same kind of issue I have attempted a few things with the support of squid developers I am now wondering if Squidguard is to blame. Again Squid developers said they changed the status page formatting. It’s all listed in that redmine, it’s kind of a mess sorry with my trial and errors.
-
@JonathanLee said in pfSense Plus 25.03 release question:
https://redmine.pfsense.org/issues/15410
Ah, yes I recall looking at this before. It doesn't appear to be the new manager access, we are already using it. For some reason we are denied access to it in Squid.....
-
@stephenw10 yeah they adapted the url the old one had a security issue. When Squid started to fix all the bugs this was one they also fixed it resulted in a new url scheme for accessing the status page.
-
Hmm, I mean it looks like they updated it a while back for 3.2 but we are using that version, and have been for some time.
The method we are using is current AFAIK:
https://wiki.squid-cache.org/Features/CacheManager/SquidClientTool#cache-manager-access-from-squidclientIs there some update I'm not seeing?
-
@stephenw10 Per Squid Development Team
As discussed in that bug report the "cache_object://" scheme has been replaced by "http://(visible_hostname):3128/squid-internal-mgr/"
-
The scheme can be "https://" so long as the proxy listening port is configured with the https_port directive.
-
visible_hostname should be replaced by the contents of the visible_hostname directive, or listening IP address. This is just one of the many reasons that directive needs to be a DNS resolvable domain name.
-
*The port 3128 can be another forward-proxy or an 'accel' mode port if you wish. Cannot be an 'intercept' or 'tproxy' _port, nor an https_port with SSL-Bump enabled.
FTR; What we are familiar with as an "index page" is not provided by the Squid cache manager by default. I provide a basic UI at https://github.com/yadij/cachemgr.js that makes accessing the reports a bit easier for humans.
HTH
AmosSo it was adapted I think your looking at and older webpage
-
-
Yeah that was added in Squid4 and that's what we are using via squidclient. You can see that in the error page.
-
@stephenw10 When I look it says denied with the new versions even a fresh install it did it
-
Yes it does. But if you check what is blocked it's using the newer method to poll the data. The issue is not because the polling method needs to be updated as far as I can see.
-
@stephenw10 does it show status on yours? mine after 23.05.01 status page does not work
-
No it's definiely broken. It's just not because we are using the wrong polling method. As far as I can see at least.
-
@stephenw10 I wonder what’s doing it.
-
Indeed. It looks like an acl issue in squid but so far no combination of settings I've tried has allowed it.
-
@stephenw10 I have tried so many things I know they changed it because of emails with the development team after they fixed the security issues but the new url doesn't seem to work on my end.
-
@stephenw10 whats ChatGPT say about it?
-
@stephenw10 2.8 also has the issue fresh install none of my settings clean out of box install not on the 2100
-
Yup the issue definitely exists. I have no fix for it yet, none of the things I tried made any difference.
-
Hi, I read in an older news that netgate will remove the squid proxy server in the future. I'm just about to implement it at school on pfsense plus. Is it worth it, or should I not?
-
It will be removed at some point. There is no hard date set at this point.
I expect it to remain until it either fails to build or is replaced.
-
okay, i`m still waiting for the release of july... ;-)
