Re: Decurity concern: cachemgr & GET method ?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 11 Jan 1999 22:43:02 +0100

Alex Rousskov wrote:

> The main reason why Web interface uses GET is that with POST you
> have to answer annoying "Resend POST data?" questions all the time.
> Ideally, we should use Basic or other HTTP authentication methods.

This is only a limitation of the current (crude) cachemgr.cgi menu
interface. Basic HTTP authentication is used between cachemgr.cgi and
Squid.

> Using POST data on the Squid side will require some changes in
> the Squid code.

Not really. POST is in fact already implemented in cachemgr.cgi. It is
only a matter of constructing the right HTML forms to call it with.

http://fox/cgi-bin/cachemgr.cgi?host=bridge&port=3128&user_name=foo&operation=info&auth=YpJpZGdlgDkxNjA0MDLzN3xrjWV8cGk0dGVt

would be (with a small bonus)

<FORM ACTION="http://fox/cgi-bin/cachemgr.cgi" METHOD=POST>
<PRE>
Host: <INPUT NAME=host VALUE="bridge">
Port: <INPUT NAME=port VALUE="3128">
Operation: <SELECT NAME=operation>
<OPTION VALUE="info">General Runtime Information
<OPTION VALUE="utilization">Cache Utilization
</SELECT>
Login: <INPUT NAME=user_name VALUE="foo">
Password: <INPUT TYPE=PASSWORD NAME=passwd>
<INPUT TYPE=SUBMIT>
</PRE></FORM>

To get a complete list of the operations and their descriptions, run
"client cache_object://localhost:3128/"

---
Henrik Nordstrom
Spare time Squid hacker
Received on Mon Jan 11 1999 - 14:35:14 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:58 MST