On Tue, 16 Feb 2010 14:20:15 +0100, Matus UHLAR - fantomas
<uhlar_at_fantomas.sk> wrote:
>> > On 14.02.10 01:32, J. Webster wrote:
>> >> Would that work with:
>> >> http_access deny manager CONNECT !SSL_ports
>
>> On Mon, 15 Feb 2010 15:32:30 +0100, Matus UHLAR - fantomas
>> <uhlar_at_fantomas.sk> wrote:
>> > no, the manager is not fetched by CONNECT request (unless something
is
>> > broken).
>> >
>> > you need https_port directive and acl of type "myport", then allow
>> > manager only on the https port. that should work.
>> >
>> > note that you should access manager directly not using the proxy.
>
> On 16.02.10 13:59, Amos Jeffries wrote:
>> You may (or may not) hit a problem after trying that because the cache
>> mgr
>> access uses its own protocol
>> cache_object:// not htps://. An SSL tunnel with mgr access going
through
>> it should not have that problem but one never knows.
>
> but it connect to standard HTTP port, right?
Yes.
>
> I think that the problem itself lies in cachemgr.cgi not being able to
> connect via SSL
Yes. This should probably be reported as an enhancement bug so we don't
forget it.
CacheMgr is due for a bit more of a cleanup someday, so it would be a
shame to miss this out.
Amos
Received on Tue Feb 16 2010 - 21:51:49 MST
This archive was generated by hypermail 2.2.0 : Thu Feb 18 2010 - 12:00:06 MST