On 14.02.10 01:32, J. Webster wrote:
> Would that work with:
> http_access deny manager CONNECT !SSL_ports
No, the manager is not fetched by a CONNECT request (unless something is
broken).
You need an https_port directive and an acl of type "myport", then allow manager
only on the https port. That should work.
Note that you should access the manager directly, not using the proxy.
> ----------------------------------------
> > Date: Sat, 13 Feb 2010 20:58:11 +0100
> > From: uhlar_at_fantomas.sk
> > To: squid-users_at_squid-cache.org
> > Subject: Re: [squid-users] cache manager access from web
> >
> > On 11.02.10 10:46, J. Webster wrote:
> >> I have changed the config and can now login to the cache manager.
> >> This was in the conf already:
> >> http_access deny CONNECT !SSL_ports
> >>
> >> So, the issue remains whether allowing password access to the cache manager is enough.
> >> How else can this be made more secure? I guess not if the only way for me to access it is through a public IP address.
> >
> > I think allowing manager only on https_port should work and help...
-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Windows found: (R)emove, (E)rase, (D)elete

Received on Mon Feb 15 2010 - 14:32:35 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 16 2010 - 12:00:05 MST
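
The layout suggested in the reply above (manager allowed only through a "myport" ACL that matches the https_port) can be checked mechanically. The following is an added example, not code from the thread or from the Squid project: a small Python audit over a constructed squid.conf, in which the port numbers, certificate paths and the ACL names `mgr_tls` and `admin_net` are assumptions.

```python
# Constructed sample squid.conf (not from the thread); ports, paths and
# ACL names other than the thread's CONNECT/SSL_ports/manager are assumptions.
SAMPLE_CONF = """\
http_port 3128
https_port 3129 cert=/etc/squid/proxy.pem key=/etc/squid/proxy.key
acl manager proto cache_object
acl SSL_ports port 443
acl CONNECT method CONNECT
acl mgr_tls myport 3129
acl admin_net src 192.0.2.0/24
http_access allow manager mgr_tls admin_net
http_access deny manager
http_access deny CONNECT !SSL_ports
"""

def ports(args):
    """Expand port arguments such as '3129' or '3129-3131' into a set."""
    out = set()
    for a in args:
        lo, _, hi = a.partition("-")
        out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit_manager_access(conf, manager_acl="manager"):
    """Return (line_no, message) findings for manager access rules."""
    https_ports, myport_acls, rules, findings = set(), {}, [], []
    for n, raw in enumerate(conf.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()
        if len(tok) > 1 and tok[0] == "https_port":
            # Accept both "3129" and "addr:3129" forms.
            https_ports.add(int(tok[1].rsplit(":", 1)[-1]))
        elif len(tok) > 3 and tok[0] == "acl" and tok[2] == "myport":
            myport_acls.setdefault(tok[1], set()).update(ports(tok[3:]))
        elif len(tok) > 2 and tok[0] == "http_access":
            rules.append((n, tok[1], tok[2:]))
    for n, action, acls in rules:
        if action != "allow" or manager_acl not in acls:
            continue
        # The rule is pinned only if a non-negated myport ACL on it
        # matches nothing but https_port listeners.
        if not any(a in myport_acls and myport_acls[a] <= https_ports for a in acls):
            findings.append((n, "manager allowed without a myport ACL limited to https_port"))
    if not any(act == "deny" and acls == [manager_acl] for _, act, acls in rules):
        findings.append((0, "no catch-all 'http_access deny manager' rule"))
    return findings

if __name__ == "__main__":
    print(audit_manager_access(SAMPLE_CONF) or "manager access pinned to https_port")
```

A rule such as `http_access deny manager CONNECT !SSL_ports` does not count as the catch-all deny here, since it only matches manager requests made with CONNECT.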