How to guide for Accessing Squid's cachemgr.cgi over https

JonathanLee

Screenshot 2024-05-17 at 17.06.19.png

Screenshot 2024-05-17 at 17.08.05.png

Squid Proxy comes pre packaged with its own cache manger.

Here is how you can access it over https.

After some research, thank you to @bnangle

One inside of pfSense go to command line and create a linker file and place it inside of

/usr/local/www/lightsquid/
command

ln -s /usr/local/libexec/squid/cachemgr.cgi /usr/local/www/lightsquid/cachemgr.cgi

Setup some default acls set a password or not

acl localhost src 127.0.0.1/255.255.255.255 to acl localhost src 10.0.0.1/255.255.255.255
cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd none all

You must use a password in place of none if you so choose to do so. I recommend you add one. However for testing I had it set to none

access the cachemgr from pfsense under light squid

https://192.168.1.1:7445/cachemgr.cgi

when inside of pfsense click the lightsiquid and adapt the url to access the cache manger.

JonathanLee

Still make sure you adapt your /usr/local/etc/squid/cachemgr.conf
to include your firewall IP address and hostname

Screenshot 2024-05-17 at 17.19.17.png

You don't have to change this I can access it with just local. I was very excited to share this

JonathanLee

@JonathanLee

PART 2 Password Security and GUI Status page
Now that you have Squids Cache Manager accessible on the GUI, lets make sure it is secure however we have an issue with that mgr:info when Squid is build does not contain a password so if we set one we have to adapt the GUI squid status php file.

It is easy.

Step 1
add your password into advanced config

cachemgr_passwd disable offline_toggle reconfigure shutdown
cachemgr_passwd **PASSWORDHERE!** all

Screenshot 2024-05-17 at 17.12.01.png

Mine is "redacted"
I also disabled shutdown and reconfigure from the options.

Now that it is set you might notice your status page no longer works that is ok its only because it doesn't have the password.

Step 2
Add password to
/usr/local/www/status_squid.php

It is simple change mgr:info@redacted

after @ you need to be add a password.

Screenshot 2024-05-17 at 17.09.59.png

Now you have a cache manger access and it is password locked plus you disabled some tools that could limit access if used incorrectly.

Enjoy

JonathanLee

PART 3 Lightsquid code adaption

Also make sure you add your password here to

/usr/local/www/sqstat/sqstat.php

Screenshot 2024-05-17 at 17.14.31.png

This file already has a line of code just waiting for your new password to help lock it down.

JonathanLee

@stephenw10

I am missing my photos here too :( Can you help with a couple of these posts the photos are vanishing ..

JonathanLee

@stephenw10

I added the photos again however it was saying invalid path also when i went to add them. I think this fixed it.