pfSense Plus 25.03 release question
-
I just ask: WHEN?
Or is it easier to wait for release 25.11? -
When it's ready.
-
@stephenw10 does the squid status php page work in the new version with the adapted url for access? I had a tough time getting the status page to work.
-
Is there a bug report for that?
-
@stephenw10 yes but it is still open from a couple versions before
-
Hmm, this? https://redmine.pfsense.org/issues/11711
-
This one https://redmine.pfsense.org/issues/15410
-
@stephenw10 same kind of issue I have attempted a few things with the support of squid developers I am now wondering if Squidguard is to blame. Again Squid developers said they changed the status page formatting. It’s all listed in that redmine, it’s kind of a mess sorry with my trial and errors.
-
@JonathanLee said in pfSense Plus 25.03 release question:
https://redmine.pfsense.org/issues/15410
Ah, yes I recall looking at this before. It doesn't appear to be the new manager access, we are already using it. For some reason we are denied access to it in Squid.....
-
@stephenw10 yeah they adapted the url the old one had a security issue. When Squid started to fix all the bugs this was one they also fixed it resulted in a new url scheme for accessing the status page.
-
Hmm, I mean it looks like they updated it a while back for 3.2 but we are using that version, and have been for some time.
The method we are using is current AFAIK:
https://wiki.squid-cache.org/Features/CacheManager/SquidClientTool#cache-manager-access-from-squidclientIs there some update I'm not seeing?
-
@stephenw10 Per Squid Development Team
As discussed in that bug report the "cache_object://" scheme has been replaced by "http://(visible_hostname):3128/squid-internal-mgr/"
-
The scheme can be "https://" so long as the proxy listening port is configured with the https_port directive.
-
visible_hostname should be replaced by the contents of the visible_hostname directive, or listening IP address. This is just one of the many reasons that directive needs to be a DNS resolvable domain name.
-
*The port 3128 can be another forward-proxy or an 'accel' mode port if you wish. Cannot be an 'intercept' or 'tproxy' _port, nor an https_port with SSL-Bump enabled.
FTR; What we are familiar with as an "index page" is not provided by the Squid cache manager by default. I provide a basic UI at https://github.com/yadij/cachemgr.js that makes accessing the reports a bit easier for humans.
HTH
AmosSo it was adapted I think your looking at and older webpage
-
-
Yeah that was added in Squid4 and that's what we are using via squidclient. You can see that in the error page.
-
@stephenw10 When I look it says denied with the new versions even a fresh install it did it
-
Yes it does. But if you check what is blocked it's using the newer method to poll the data. The issue is not because the polling method needs to be updated as far as I can see.
-
@stephenw10 does it show status on yours? mine after 23.05.01 status page does not work
-
No it's definiely broken. It's just not because we are using the wrong polling method. As far as I can see at least.
-
@stephenw10 I wonder what’s doing it.
-
Indeed. It looks like an acl issue in squid but so far no combination of settings I've tried has allowed it.
