Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    SQStat 403

    Scheduled Pinned Locked Moved pfSense Packages
    10 Posts 4 Posters 6.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      namtab
      last edited by

      Hi,

      I'm having some trouble with package Lightsquid  1.8.0 pkg v.2.32 over Squid 2.7.9 pkg v.4.3.1.

      Squid runs OK, Lightsquid also.

      On the "Status" > "Proxy Report" page, "Proxy state" tab (SQstat), the page runs fine the first time it loads.

      Subsequent async (ajax) request end in 403 (seen via the Console in Chrome), specifically:

      
      POST http://<pfsenseurl>/sqstat/sqstat.php 403 (Forbidden) 
      
      Ajax.Request.Class.create.request prototype.js:1530
      Ajax.Request.Class.create.initialize prototype.js:1495
      (anonymous function) prototype.js:429
      klass prototype.js:101
      getactivity sqstat.php:40
      (anonymous function)</pfsenseurl>
      

      Naturally, reloading (F5) the page loads fine (current requests visible).

      Squid does not have custom options.

      I initially thought it was a https and custom port compatibility problem, so I set the web configurator to run on http 80, but the issue remains.

      What am I missing?

      Thanks

      1 Reply Last reply Reply Quote 0
      • N
        namtab
        last edited by

        bumpity bump…

        1 Reply Last reply Reply Quote 0
        • S
          sotho
          last edited by

          Got the same versions and also get the 403 error on sqstat. I tried forcing sqstat.php $iface to 127.0.0.1 and get a timeout.
          Also having issues with lightsquid; it's offering me the index.cgi for download instead of executing it.

          1 Reply Last reply Reply Quote 0
          • S
            Slam
            last edited by

            I found in another post that adding 127.0.0.1 to the section "Use alternate DNS-servers for the proxy-server" in squid worked for me, I still havent figured out the problem of the cgi file being downloaded

            1 Reply Last reply Reply Quote 0
            • S
              sotho
              last edited by

              I ended up actually rebooting the system and sqstat started working.

              1 Reply Last reply Reply Quote 0
              • S
                sotho
                last edited by

                For my lightsquid issue I followed this along.
                http://www.cyberciti.biz/tips/lighttpd-howto-setup-cgi-bin-access-for-perl-programs.html

                I edited /etc/inc/system.inc and included "mod_cgi" under the server.modules and added "index.cgi" to the server.indexfiles.

                I did reboot here so the above changes ended up showing in the next file I edited for testing. I will have to move those changes to the system.inc, but this what needs to be added.

                In file /var/etc/lighty-webConfigurator.conf (gets recreated from system.inc so keep that in mind) the following:

                above the ## ssl configuration section I added:

                $HTTP["url"] =~ "/lightsquid/" {
                    cgi.assign = (".cgi" => "/usr/bin/perl")
                }

                1 Reply Last reply Reply Quote 0
                • S
                  Slam
                  last edited by

                  Thanks for that, Ill give it a try.

                  1 Reply Last reply Reply Quote 0
                  • N
                    namtab
                    last edited by

                    semi hijacked my thread…
                    back to SQStat, any useful tips beyond

                    @Abdsalem:

                    I found in another post that adding 127.0.0.1 to the section "Use alternate DNS-servers for the proxy-server" in squid worked for me, I still havent figured out the problem of the cgi file being downloaded

                    ?

                    1 Reply Last reply Reply Quote 0
                    • N
                      namtab
                      last edited by

                      .. I guess everyone is clueless.. Maybe next plugin version will function properly.
                      Might as well lock the topic.

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        Posting this here since the thread is very high in search results for the sqstat 403 error:

                        This is because the IP address querying the status from squid is not listed as an external cache manager. To find the IP in use, enable squid logging, try to access sqstat, and then run run:

                        # grep "403.*active_requests" /var/squid/logs/access.log
                        

                        You will find lines such as this:

                        1390930259.701      0  192.168.1.1 TCP_DENIED/403 1410 GET cache_object://localhost/active_requests - NONE/- text/html
                        

                        Then go to Services > Proxy Server, on the Access Control tab, and add the IP from that line to the External Cache Managers box, e.g.

                        127.0.0.1;192.168.1.1;
                        

                        Save there, and for good measure go back to the main tab on squid and press save again, and then you should be able to access sqstat.

                        If that alone does not work, and you have a filter such as squidGuard installed, make sure you have "localhost" listed in a whitelist or have access open from the LAN IP of the firewall itself.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.