Re: [squid-users] cache manager access from web

From: Chris Robertson <crobertson_at_gci.net>
Date: Thu, 11 Feb 2010 11:29:56 -0900

J. Webster wrote:
> I have changed the config and can now login to the cache manager.
> This was in the conf already:
> http_access deny CONNECT !SSL_ports
>

The placement of that line is important. Squid's access controls work
on a "first match" basis. I strongly advise reading the FAQ section on
ACLs for more details.

> So, the issue remains whether allowing password access to the cache manager is enough.
>

That's really a personal decision.

> How else can this be made more secure?

Only allowing access from localhost.

> I guess not if the only way for me to access it is through a public IP address.

Use port forwarding via SSH to make a HTTP connection. The connection
will (as far as Squid is concerned) originate from localhost.

Chris
Received on Thu Feb 11 2010 - 20:30:05 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 12 2010 - 12:00:04 MST