Cache Manager Menu For Web Proxy Not Loading

What is the command for accessing the log?

Hi Kenneth,

I am not sure about which command you are referring to, but what you would be looking for in the GUI is here regarding IPS logs. If for whatever reason there is a signature causing you grief, you can identify it by the name of the signature in each entry. Examples below.

Once you determine the signature name in the respective entry as shown here… Then

My example shows the name of the signature as ET USER_AGENTS Microsoft Device Metadata Retrieval Client User-Agent but obviously that is not what you’re going to be looking for, but rather the name of the violation that applies to your IPS block.

Navigate here:

Then Scroll Down to RuleSets

From here you have 2 options that you can choose.

  1. You can either un-check the box next to the ruleset and completely disable that rule on all traffic for all IP addresses OR

  2. Make an exception for your IP address or Network so you can access what you need to.

You would do that here on the same page as above:

Once you are done, you may want to click on Firewall Rules in the menu to the right and see if anything needs to be applied. It will tell you on the screen if it needs to write out the changes.

Thx

That would be helpful. Except the ips logs are blank.

Interesting. Seeing as I can’t see your system, I can only guess, but you may not have IPS enabled on your IPFire instance. Given that, it can’t block traffic if it’s not on. If it was on, you would see something there if it was hanging traffic.

Before pointing you in the next direction, I have to ask the following, because I do not know your level of expertise and don’t want to confuse you. Do you have in-depth experience with Excel and importing CSV files for review? Do you know how to import delimited space files? If you do, I can point you to a file that you can export off your IPFire instance with something like WinSCP so you can test, grab the file, then look for your source address and any blocks… OR

You can Putty in with SSH to IPFire from your Box, and tcpdump so you can verify any passage or non-passage of packets. Grab your ip address off your managing workstation that you are opening IPFire GUI on.

tcpdump -XXnn and then hit enter

Go back to your Desktop and test the menu. See what outputs in Putty. May give you a clue on blocks…

Just a thought. (I can see this issue, too.)
The squid doc, cited in wiki, lists configuration options for the access to the cachemanager.
These can’t be found in squid.conf
Is this our problem?

I don’t know about all that. I will be honest that I hadn’t taken the time to read through those docs, but then again, I am a network and security engineer with almost 18 years under my belt. If I was in front of Kenneth’s appliance I am sure I could get it functioning but I can’t see it off hand. If he can confirm his Excel fu… I may be able to point him in the direction of how to parse for messages alluding to problems.

Can you access the cache manager, and if yes how?

Bernhard Bitsch - Not sure what you mean. Are you referring to me, or are you referring to Kenneth, whom I have been helping above?

Eric, I’m referring to you.
If you could help Kenneth, I think you know how to access the manager.

Of course IPS is green, enabled. Could the upstream router affect the matter - the IPFire receives its internet from a router which receives its internet from an upstream wifi - cellular router?

Yes, I am in process of trying to help Kenneth.

Regarding my setup. I will be honest, it was a PITA to get set up. Documentation is not clear, or missing things that should be in there from the perspective of IPFire, but then again, it does take time to develop good documentation.

I do have my setup working as intended, but keep in mind, that there are numerous things that can cause problems in this UTM setup. IPS, Firewall Rules, Whitelists and Blocklists included.

Here are some screenshots of my setup.

Now that I think about it… There was one other thing hanging me up for the web proxy Squid Menu… It was the fact I enabled the URL filter. I had to add the exclusion for the green, blue or offending network interface itself. See below screenshots.
Click Network > Web Proxy > Click URL Filter

Regarding the Web Proxy Menu… Here is my visual… When you click the Activate Cachemanager link…

The upstream router would have nothing to do with the connections on the intranet side of the firewall interface.

Eric, I know these steps you provided for the cache manager. But what happens, if you click “DISKD Stats” e.g.?

This happens and loads. Granted it doesn’t have stats… it at least loads.

Interesting.
I’ve just tried with all styles and language=english.
No success. :frowning:
What’s faulty with Kenneth’s and my configuration?

BTW: I neither have IPS on nor do I use a VPN. Just a simple red-green-blue config.

Kenneth and Bernhard, paste me back this screen on each of your IPFire devices so I can get a mental picture of what you’re working with.

Click on Status > Then Services to get to this screen.

Eric, I do not get what you want to see.

It is no matter of “mental picture”, but of maybe wrong/incomplete configuration.
I have a “standard simple” installation with red, green and blue networks.

  • IPS isn’t active,
  • ā€œstandardā€ FW rules,
  • non-transparent proxy,
  • no URL-Filter

I try to access the cache manager from blue, my client is registered as “unrestricted” to squid.
I get the same errors as Kenneth reported above.

BTW: I’ve years of experience with IPFire (administration and development), but I looked at cache manager a long time ago. It wasn’t my interest, yet. I tried for this thread now. Last time I did not have this problem.

Bernhard, without me being able to see what you have enabled on your IPFire, how then can I think about what could be the issue? Thus the reason I asked for a screenshot of the above area in my last message.

I sat back and thought about this a little bit.

I get what you mean by IPS isn’t active, and also hear what you typed above for No-URL filter. If you’re using a non-transparent proxy, I can only assume you have made entries in your browser for the pac file url or downloaded the pac and installed it manually into the workstation. If not, I would look into that as well, but…

What I am not following is your definition of “Standard Firewall Rules”. That could mean no rules except for the default block, Drop or Reject, or it could mean that you have enabled an any/any rule, or it could mean that you have a standard set of firewall rules you implement on a firewall. I am not sure on that…

Regarding any other ideas, I do have 1 left without digging way down deep in configuration and this is also one that bit me right in the rear when I was trying to get the Web Proxy to work in IPFire. Took me a long while to figure it out too, again, since there is no darn documents that tell you that you “must” do this to access the web proxy Squid Menu. I found out the hard way. Hopefully logging this here will help you and everyone else out there, now and later.

On this page…

Scroll down to here, and add your /24 for Green or Blue as needed. That way you can access it from any computer on the /24 network.