Amos Jeffries wrote:
J. Webster wrote:I have followed the tutorial here: http://wiki.squid-cache.org/SquidFaq/CacheManager and set up acls to access the cache manager cgi on my server. I have to access this externally for the moment as that is the only access to the server that I have (SSH or web). The cache manager login appears when I access: http://myexternalipaddress/cgi-bin/cachemgr.cgiI have set the cache manager login and password in the squid.conf # TAG: cache_mgr # Email-address of local cache manager who will receive # mail if the cache dies. The default is "root". # #Default: # cache_mgr root cache_mgr aaa@xxxxxxx cachemgr_passwd aaa all #Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl cacheadmin src 88.xxx.xxx.xx9/255.255.255.255 #external IP address?You don't need the /255.255.255.255 bit. Just a single IP address will do.acl to_localhost dst 127.0.0.0/8 # Only allow cachemgr access from localhost
As a side note....
http_access allow ncsa_users http_access allow manager localhost http_access allow manager cacheadmin http_access deny manager
cache_manager access (any access, really) is already allowed to ncsa_users, no matter if they are accessing from localhost, 88.xxx.xxx.xx9 or any other IP. You might want to have a gander at the FAQ section on ACLs (http://wiki.squid-cache.org/SquidFaq/SquidAcl).
However, whenever I enter the password and select localhost port 8080 from the cgi script I get:The following error was encountered: Cache Access Denied. Sorry, you are not currently allowed to request: cache_object://localhost/ from this cache until you have authenticated yourself.Looks like the CGI script does its own internal access to Squid to fetch the page data. But does not have the right login details to pass your "http_access allow ncsa_auth" security config.Amos
Chris
