Azfar Kazmi writes:
>I am using Squid 1.NOVM.18 on a RedHat 4.1 Linux [kernel 2.0.34] machine. I
>have specified in squid.conf that only 'smarthost' can run the cachemgr.cgi
>and no one else can. But, the fact is that, you can run it from anywhere.
>My squid.conf relevant entries look like this:
>
>---
>acl manager proto cache_object
>acl smarthost src 132.1.0.1/255.255.0.0
>acl all src 0.0.0.0/0.0.0.0
>
>acl SSL_ports port 443 563
>acl Dangerous_ports port 7 9 19
>acl CONNECT method CONNECT
>
>http_access deny manager !smarthost
>http_access deny CONNECT !SSL_ports
>http_access deny Dangerous_ports
>
>http_access allow all
>---
>
>Now I can still access the cache manager from any host and from any IP. How
>can I make it only be accessible from smarthost whose IP is 132.1.0.1?
rewrite it like this:
http_access allow manager smarthost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny Dangerous_ports
http_access allow all
And you might want to reconsider the last line. It means anyone
can use your cache, at least for non-Dangerous_ports.
Duane W.
Received on Tue Nov 03 1998 - 10:33:35 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:42:56 MST