Re: [squid-users] cache manager access from web

On 14.02.10 01:32, J. Webster wrote:
> Would that work with:
> http_access deny manager CONNECT !SSL_ports

no, the manager is not fetched by CONNECT request (unless something is
broken).

you need https_port directive and acl of type "myport", then allow manager
only on the https port. that should work.

note that you should access manager directly not using the proxy.

> ----------------------------------------
> > Date: Sat, 13 Feb 2010 20:58:11 +0100
> > From: uhlar_at_fantomas.sk
> > To: squid-users_at_squid-cache.org
> > Subject: Re: [squid-users] cache manager access from web
> >
> > On 11.02.10 10:46, J. Webster wrote:
> >> I have changed the config and can now login to the cache manager.
> >> This was in the conf already:
> >> http_access deny CONNECT !SSL_ports
> >>
> >> So, the issue remains whether allowing password access to the cache manager is enough.
> >> How else can this be made more secure? I guess not if the only way for me to access it is through a public IP address.
> >
> > I think allowing managr only on https_port should work and help...

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Windows found: (R)emove, (E)rase, (D)elete