Re: ACL Nightmare

From: Duane Wessels <wessels>
Date: Wed, 13 Nov 96 12:36:50 -0800 writes:

>Argh! Okay, I give up. Using cachemgr.cgi, I request the status of some
>item from the currently running Squid; I get the result, fine. I select
>another item, and I'm told I'm forbidden to access the item. Doesn't
>matter which item I select either, first one works, subsequent ones don't.
>>From access.log:
> TCP_MISS/555/NONE 1543 GET
> cache_object://
> cache_object://
>>From squid.conf:
>acl manager proto cache_object
>acl localhost src
>acl src_okmgr src
>http_access deny manager !src_okmgr !localhost
>http_access allow manager src_okmgr localhost
>Seems to have started around 1.0.18 (although of course this could just
>coincide with some squid.conf stuff-up - see above). Help.. :-(

Remember, the ACL's on a 'http_access' line are AND'ed together. Also,
you should specifically allow cachemgr from your host first, then deny
it from other places

    acl src_okmgr src
    acl manager proto cache_object
    http_access allow manager src_okmgr
    http_access deny manager

Duane W.
Received on Wed Nov 13 1996 - 12:36:51 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:33:32 MST