Search squid archive

Re: cache manager access from web

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



J. Webster wrote:
Doesn't the fact that the manager needs a password in previous config lines mean that they can't access it?

Fair enough, if you are content with that.

the ncsa_users is only for http access?

The cachemgr interface is accessed via HTTP. It uses a specific request method (identified by the ACLs as manager), but it is a subset of HTTP.

Changing the access rules like...

http_access allow manager localhost
http_access allow manager cacheadmin
http_access deny manager
http_access allow ncsa_users

...prevents those who are allowed to utilize your cache from even attempting access to your cachemgr interface (unless they are surfing from localhost, or the IP identified by the cacheadmin ACL). The default squid.conf has some further denies (such as preventing CONNECT requests to non-SSL ports) that are also missing from this configuration snippet, so this is not the only avenue for abuse.

Chris


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux