Re: cachemgr.cgi

From: Dancer <dancer@dont-contact.us>
Date: Sat, 21 Feb 1998 01:52:40 +1000

ACL's in access lines are ANDed together.

Therefore:

acl manager proto cache_object
acl admin src xxx.xxx.xxx.xxx/255.255.255.255 ( =The squid hosts address)
acl localhost src 127.0.0.1/255.255.255.255

http_access deny manager !localhost !admin

..means deny access to any source address which is not 127.0.0.1/32 _and_
xxx.xxx.xxx.xxx/32 _at_the_same_time..

which it cannot be. A connection only has one source address.

What you _meant_ was this:

http_access allow manager localhost
http_access allow manager admin
http_access deny manager all

Armin Kunaschik wrote:

> >Very probably. Make sure that you have:
> >
> >http_access allow manager foobar
> >http_access allow foobar
> >miss_access allow foobar
> >
> >(where 'foobar' is an ACL that refers to the machine that is running the
> >cache-manager cgi. Most people seem to omit the miss_access line).
> >
> >Oh, also remember that if you are running the CGI on the _same_ machine,
> and
> >you don't type 'localhost' for the address, then the address won't _come_
> from
> >'localhost'.
> Sounds a little weird.. but maybe it's only my bad english? :-)
>
> I had the problem that localhost didn't work for the manager access list.
> Squid 1.1.20 and Apache 1.2.5 running on the same machine.
> ACL's are set to:
>
> acl manager proto cache_object
> acl admin src xxx.xxx.xxx.xxx/255.255.255.255 ( =The squid hosts address)
> acl localhost src 127.0.0.1/255.255.255.255
>
> http_access deny manager !localhost !admin
>
> This construct doesn't work, if I remove "!admin", I get access denied.
> 2 possibilities:
> 1. localhost doesn't work.
> 2. localhost is not the local cache host. What is it then?
>
> Any clues?
>
> Armin

--
Did you read the documentation AND the FAQ?
If not, I'll probably still answer your question, but my patience will
be limited, and you take the risk of sarcasm and ridicule.
Received on Fri Feb 20 1998 - 07:58:42 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:38:56 MST