Please see below for notes in troubleshooting. When you add a password to the GUI field, and it make the entry in squid.conf, it allows inital login to the Management GUI for cache, however any subsequent URI's get an authentication error.
Pictures are available for review in the below thread.
This bug has been re-discovered in Core Update 154.
Re-discovered that Cache Manager menu access works only if you don't use a password.
Using a password gets you the menu list but every entry fails due to cache manager access denied due to an authentication problem.
If password is left blank then all the menu items that don't require a passowrd now work and the ones that do require a password are unlinked so can not be accessed.
Created attachment 866 [details]
menu screen with password defined
This shows the menu screen when the password has been defined in the Web Proxy WUI page
Created attachment 867 [details]
error message after selecting menu item
This is the error message obtained from every cache manager menu item if a password has been set.
Created attachment 868 [details]
menu screen with blank password
This is the menu screen when the password entry in the cache manager section of the web proxy WUI has been left blank
Created attachment 869 [details]
result from selecting a menu item with no password set
This shows that with a blank password then the menu items that are selectable do now provide a result as shown here with the HTTP Header Statistics
Can we verify that the browser is sending the password again?
I do not think that we have recently touched anything that should break this.
(In reply to Michael Tremer from comment #6)
> Can we verify that the browser is sending the password again?
> I do not think that we have recently touched anything that should break this.
How do I verify that?
All my findings were based on using SeaMonkey (a Firefox fork). I have also now tested it with the latest version of Firefox and the same happens.
Either using the debugging feature of the browser and check whether it is including the credentials in the HTTP request it is sending or using WireShark to sniff the packets on the network.
This is the uri from the menu item that I selected.
Here is the Header information from the debugger.
GET /cgi-bin/cachemgr.cgi?host=192.168.26.254&port=800&user_name=&operation=http_headers&auth=MTkyLjE2OC4yNi4yNTR8MTYxNjQyNTMxNnx8 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 SeaMonkey/2.53.5
Accept-Encoding: gzip, deflate, br
Authorization: Basic YWRtaW46Sm1pMz80NHRCTXY4SCV2UGQma2A=
It gives the status code as 403 401 Unauthorized
I think this was what you were requesting. If not then let me know and I will have another look.