As a side note.... >> http_access allow ncsa_users >> http_access allow manager localhost >> http_access allow manager cacheadmin >> http_access deny manager cache_manager access (any access, really) is already allowed to ncsa_users, no matter if they are accessing from localhost, 88.xxx.xxx.xx9 or any other IP. You might want to have a gander at the FAQ section on ACLs (http://wiki.squid-cache.org/SquidFaq/SquidAcl). Doesn't the fact that the manager needs a password in previous config lines mean that they can't access it? the ncsa_users is only for http access? ---------------------------------------- > Date: Tue, 9 Feb 2010 16:14:31 -0900 > From: crobertson@xxxxxxx > To: squid-users@xxxxxxxxxxxxxxx > Subject: Re: cache manager access from web > > Amos Jeffries wrote: >> J. Webster wrote: >>> I have followed the tutorial here: >>> http://wiki.squid-cache.org/SquidFaq/CacheManager >>> and set up acls to access the cache manager cgi on my server. I have >>> to access this externally for the moment as that is the only access >>> to the server that I have (SSH or web). The cache manager login >>> appears when I access: http://myexternalipaddress/cgi-bin/cachemgr.cgi >>> I have set the cache manager login and password in the squid.conf >>> # TAG: cache_mgr >>> # Email-address of local cache manager who will receive >>> # mail if the cache dies. The default is "root". >>> # >>> #Default: >>> # cache_mgr root >>> cache_mgr aaa@xxxxxxx >>> cachemgr_passwd aaa all >>> #Recommended minimum configuration: >>> acl all src 0.0.0.0/0.0.0.0 >>> acl manager proto cache_object >>> acl localhost src 127.0.0.1/255.255.255.255 >>> acl cacheadmin src 88.xxx.xxx.xx9/255.255.255.255 #external IP address? >> >> You don't need the /255.255.255.255 bit. Just a single IP address will >> do. >> >>> acl to_localhost dst 127.0.0.0/8 >>> # Only allow cachemgr access from localhost > > As a side note.... > >>> http_access allow ncsa_users >>> http_access allow manager localhost >>> http_access allow manager cacheadmin >>> http_access deny manager > > cache_manager access (any access, really) is already allowed to > ncsa_users, no matter if they are accessing from localhost, > 88.xxx.xxx.xx9 or any other IP. You might want to have a gander at the > FAQ section on ACLs (http://wiki.squid-cache.org/SquidFaq/SquidAcl). > >>> >>> However, whenever I enter the password and select localhost port 8080 >>> from the cgi script I get: >>> The following error was encountered: >>> Cache Access Denied. >>> Sorry, you are not currently allowed to request: >>> cache_object://localhost/ >>> from this cache until you have authenticated yourself. >> >> Looks like the CGI script does its own internal access to Squid to >> fetch the page data. But does not have the right login details to pass >> your "http_access allow ncsa_auth" security config. >> >> Amos > > Chris > _________________________________________________________________ Got a cool Hotmail story? Tell us now http://clk.atdmt.com/UKM/go/195013117/direct/01/