RE: Outstanding bug reports

From: Robert Collins <robert.collins@dont-contact.us>
Date: Mon, 21 May 2001 09:41:02 +1000

> -----Original Message-----
> From: Henrik Nordstrom [mailto:hno@hem.passagen.se]
> Sent: Sunday, May 20, 2001 10:05 AM
> To: Robert Collins
> Cc: squid-dev@squid-cache.org
> Subject: Re: Outstanding bug reports
>
>
> You are welcome, as would anyone else willing to accept responsibility
> for a bug report.. (we need serious help in managing the bug reports..
> they often backlog by many many months)

I can't offer time-guarantees, as all non-paid-squid work is on my own
time, but I'm willing to have new auth-related bugs assigned to me in
bugzilla. (It does email out when that happens right?).
 
> What about 113? Not sure I understand you. But I think I
> understand the
> report... and it makes sense to do so I think.

I meant that the current default doesn't allow localhost to do anything
other than "manager". So localhost needs to be explicitly enabled by the
user for proxy access. So I think we already do what that bug sugegsts
:]
===
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# And finally deny all other access to this proxy
http_access deny all
===
 
> Things fixed by automake does not need to be fixed in the non-automake
> setup. Posted those mostly so you can verify that they are
> fixed in the
> automake setup. If they are, please add a note saying so.

Will confirm and do so.

Rob
 
> --
> Henrik
>
>
> Robert Collins wrote:
> >
> > Any objection if I assign 114 (ip-ttl) to me. I'll check it
> out on 2.4.
> > IIRC 131 does block localhost doesn't it?
> > IMO 129 and 105 are really enhancements - and are fixed by
> automake - if
> > we can get that in for 2.5
> >
> > Rob
> >
> > ----- Original Message -----
> > From: "Henrik Nordstrom" <hno@hem.passagen.se>
> > To: <squid-dev@squid-cache.org>
> > >
> > > <http://www.squid-cache.org/bugs/show_bug.cgi?id=105>
> > > --program-suffix and --program-prefix configure options.
> > >
> > > <http://www.squid-cache.org/bugs/show_bug.cgi?id=114>
> > > authenticate_ip_ttl_is_strict reported not working at all (same as
> > > disabling authenticate_ip_ttl)
> > >
> > >
> > > <http://www.squid-cache.org/bugs/show_bug.cgi?id=129>
> > > "make install" does not have a DESTDIR or similar "root directory"
> > > override variable (very useful for package maintainers)
> > >
> > > <http://www.squid-cache.org/bugs/show_bug.cgi?id=131>
> > > default ACL configuration should block access to "localhost", to
> > prevent
> > > bypassing of local http server access controls by proxying
> > > http://localhost/
> > >
> > >
> > > --
> > > Henrik
> > >
>
Received on Sun May 20 2001 - 17:49:35 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:14:01 MST