J. Webster wrote:
> I have changed the config and can now login to the cache manager.
> This was in the conf already:
> http_access deny CONNECT !SSL_ports
>
The placement of that line is important. Squid's access controls work
on a "first match" basis. I strongly advise reading the FAQ section on
ACLs for more details.
> So, the issue remains whether allowing password access to the cache manager is enough.
>
That's really a personal decision.
> How else can this be made more secure?
Only allowing access from localhost.
> I guess not if the only way for me to access it is through a public IP address.
Use port forwarding via SSH to make a HTTP connection. The connection
will (as far as Squid is concerned) originate from localhost.
Chris
Received on Thu Feb 11 2010 - 20:30:05 MST
This archive was generated by hypermail 2.2.0 : Fri Feb 12 2010 - 12:00:04 MST