J. Webster wrote:
I have changed the config and can now login to the cache manager. This was in the conf already: http_access deny CONNECT !SSL_ports
The placement of that line is important. Squid's access controls work on a "first match" basis. I strongly advise reading the FAQ section on ACLs for more details.
So, the issue remains whether allowing password access to the cache manager is enough.
That's really a personal decision.
How else can this be made more secure?
Only allowing access from localhost.
I guess not if the only way for me to access it is through a public IP address.
Use port forwarding via SSH to make a HTTP connection. The connection will (as far as Squid is concerned) originate from localhost.
Chris
