Re: Decurity concern: cachemgr & GET method ?

From: Alex Rousskov <>
Date: Mon, 11 Jan 1999 15:19:00 -0700 (MST)

On Mon, 11 Jan 1999, Henrik Nordstrom wrote:

> This is only a limitation of the current (crude) cachemgr.cgi menu
> interface. Basic HTTP authentication is used between cachemgr.cgi and
> Squid.

Right. Unfortunately, there is probably no clean way for the cache manager
CGI to forward HTTP authentication to Squid without doing the
authentication on the http server. Thus, we are stuck with GET- or
POST-based authentication. :(
> > Using POST data on the Squid side will require some changes in
> > the Squid code.
> Not really. POST is in fact already implemented in cachemgr.cgi. It is
> only a matter of constructing the right HTML forms to call it with.

I was talking about the _Squid_ side. The CGI script does handle POST
requests (but, as you noted, does not generate appropriate pages). AFAIK,
we do not handle POST requests in Squid's cache_manger.c at the moment.

> To get a complete list of the operations and their descriptions, run
> "client cache_object://localhost:3128/"

Or just
        client mgr:

Received on Mon Jan 11 1999 - 15:01:57 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:58 MST