SQStat 403



  • Hi,

    I'm having some trouble with package Lightsquid  1.8.0 pkg v.2.32 over Squid 2.7.9 pkg v.4.3.1.

    Squid runs OK, Lightsquid also.

    On the "Status" > "Proxy Report" page, "Proxy state" tab (SQstat), the page runs fine the first time it loads.

    Subsequent async (ajax) request end in 403 (seen via the Console in Chrome), specifically:

    
    POST http://<pfsenseurl>/sqstat/sqstat.php 403 (Forbidden) 
    
    Ajax.Request.Class.create.request prototype.js:1530
    Ajax.Request.Class.create.initialize prototype.js:1495
    (anonymous function) prototype.js:429
    klass prototype.js:101
    getactivity sqstat.php:40
    (anonymous function)</pfsenseurl>
    

    Naturally, reloading (F5) the page loads fine (current requests visible).

    Squid does not have custom options.

    I initially thought it was a https and custom port compatibility problem, so I set the web configurator to run on http 80, but the issue remains.

    What am I missing?

    Thanks



  • bumpity bump…



  • Got the same versions and also get the 403 error on sqstat. I tried forcing sqstat.php $iface to 127.0.0.1 and get a timeout.
    Also having issues with lightsquid; it's offering me the index.cgi for download instead of executing it.



  • I found in another post that adding 127.0.0.1 to the section "Use alternate DNS-servers for the proxy-server" in squid worked for me, I still havent figured out the problem of the cgi file being downloaded



  • I ended up actually rebooting the system and sqstat started working.



  • For my lightsquid issue I followed this along.
    http://www.cyberciti.biz/tips/lighttpd-howto-setup-cgi-bin-access-for-perl-programs.html

    I edited /etc/inc/system.inc and included "mod_cgi" under the server.modules and added "index.cgi" to the server.indexfiles.

    I did reboot here so the above changes ended up showing in the next file I edited for testing. I will have to move those changes to the system.inc, but this what needs to be added.

    In file /var/etc/lighty-webConfigurator.conf (gets recreated from system.inc so keep that in mind) the following:

    above the ## ssl configuration section I added:

    $HTTP["url"] =~ "/lightsquid/" {
        cgi.assign = (".cgi" => "/usr/bin/perl")
    }



  • Thanks for that, Ill give it a try.



  • semi hijacked my thread…
    back to SQStat, any useful tips beyond

    @Abdsalem:

    I found in another post that adding 127.0.0.1 to the section "Use alternate DNS-servers for the proxy-server" in squid worked for me, I still havent figured out the problem of the cgi file being downloaded

    ?



  • .. I guess everyone is clueless.. Maybe next plugin version will function properly.
    Might as well lock the topic.


  • Rebel Alliance Developer Netgate

    Posting this here since the thread is very high in search results for the sqstat 403 error:

    This is because the IP address querying the status from squid is not listed as an external cache manager. To find the IP in use, enable squid logging, try to access sqstat, and then run run:

    # grep "403.*active_requests" /var/squid/logs/access.log
    

    You will find lines such as this:

    1390930259.701      0  192.168.1.1 TCP_DENIED/403 1410 GET cache_object://localhost/active_requests - NONE/- text/html
    

    Then go to Services > Proxy Server, on the Access Control tab, and add the IP from that line to the External Cache Managers box, e.g.

    127.0.0.1;192.168.1.1;
    

    Save there, and for good measure go back to the main tab on squid and press save again, and then you should be able to access sqstat.

    If that alone does not work, and you have a filter such as squidGuard installed, make sure you have "localhost" listed in a whitelist or have access open from the LAN IP of the firewall itself.


Log in to reply