Re: Decurity concern: cachemgr & GET method ?

From: Henrik Nordstrom <>
Date: Mon, 11 Jan 1999 22:43:02 +0100

Alex Rousskov wrote:

> The main reason why Web interface uses GET is that with POST you
> have to answer annoying "Resend POST data?" questions all the time.
> Ideally, we should use Basic or other HTTP authentication methods.

This is only a limitation of the current (crude) cachemgr.cgi menu
interface. Basic HTTP authentication is used between cachemgr.cgi and

> Using POST data on the Squid side will require some changes in
> the Squid code.

Not really. POST is in fact already implemented in cachemgr.cgi. It is
only a matter of constructing the right HTML forms to call it with.


would be (with a small bonus)

<FORM ACTION="http://fox/cgi-bin/cachemgr.cgi" METHOD=POST>
Host: <INPUT NAME=host VALUE="bridge">
Port: <INPUT NAME=port VALUE="3128">
Operation: <SELECT NAME=operation>
<OPTION VALUE="info">General Runtime Information
<OPTION VALUE="utilization">Cache Utilization
Login: <INPUT NAME=user_name VALUE="foo">

To get a complete list of the operations and their descriptions, run
"client cache_object://localhost:3128/"

Henrik Nordstrom
Spare time Squid hacker
Received on Mon Jan 11 1999 - 14:35:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:58 MST