On Fri, 1 Oct 2004, Luigi Gangitano wrote:
> I'm trying to solve the old issue in cachemgr.c that allows proxied port
> scanning if installed without ACL. Since I'm the squid maintainer for
> debian I cannot provide ACL for every webserver in the distro. So I'm
> looking for a different solution, adding ACL directly in squidmgr.cgi
> (possibily in a configuration file).
>
> Since my programming skill are at best 'scarce' and I need to solve the
> problem in time for the next release (should happen in 30 days), can
> somebody please provide help or directions on how to do it?
It is a plain C program, nothing out of the ordinary.
You need to
a) Define a configuration file format
b) Add code in cachemgr.c to read the configuration file and act on the
defined ACLs.
As it is a CGI program you have the standard CGI environment variables to
use as source of user information when evaluating the acls defined in the
configuration file
REMOTE_USER username if web server is configured to require
authentication
REMOTE_ADDR IP address of the client connecting to the web server
you access these from C using the getenv() function.
Parsing of the configuration file is best done using STDIO functions:
fopen, fgets and friends.
Regards
Henrik
Received on Fri Oct 01 2004 - 12:25:11 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Oct 31 2004 - 12:00:02 MST