On Mon, 15 Feb 2010 15:32:30 +0100, Matus UHLAR - fantomas
<uhlar_at_fantomas.sk> wrote:
> On 14.02.10 01:32, J. Webster wrote:
>> Would that work with:
>> http_access deny manager CONNECT !SSL_ports
>
> no, the manager is not fetched by CONNECT request (unless something is
> broken).
>
> you need https_port directive and acl of type "myport", then allow
manager
> only on the https port. that should work.
>
> note that you should access manager directly not using the proxy.
>
You may (or may not) hit a problem after trying that because the cache mgr
access uses its own protocol
cache_object:// not htps://. An SSL tunnel with mgr access going through
it should not have that problem but one never knows.
Amos
>> ----------------------------------------
>> > Date: Sat, 13 Feb 2010 20:58:11 +0100
>> > From: uhlar_at_fantomas.sk
>> > To: squid-users_at_squid-cache.org
>> > Subject: Re: [squid-users] cache manager access from web
>> >
>> > On 11.02.10 10:46, J. Webster wrote:
>> >> I have changed the config and can now login to the cache manager.
>> >> This was in the conf already:
>> >> http_access deny CONNECT !SSL_ports
>> >>
>> >> So, the issue remains whether allowing password access to the cache
>> >> manager is enough.
>> >> How else can this be made more secure? I guess not if the only way
>> >> for me to access it is through a public IP address.
>> >
>> > I think allowing managr only on https_port should work and help...
Received on Tue Feb 16 2010 - 01:07:51 MST
This archive was generated by hypermail 2.2.0 : Tue Feb 16 2010 - 12:00:05 MST