On 14.02.10 01:32, J. Webster wrote: > Would that work with: > http_access deny manager CONNECT !SSL_ports no, the manager is not fetched by CONNECT request (unless something is broken). you need https_port directive and acl of type "myport", then allow manager only on the https port. that should work. note that you should access manager directly not using the proxy. > ---------------------------------------- > > Date: Sat, 13 Feb 2010 20:58:11 +0100 > > From: uhlar@xxxxxxxxxxx > > To: squid-users@xxxxxxxxxxxxxxx > > Subject: Re: cache manager access from web > > > > On 11.02.10 10:46, J. Webster wrote: > >> I have changed the config and can now login to the cache manager. > >> This was in the conf already: > >> http_access deny CONNECT !SSL_ports > >> > >> So, the issue remains whether allowing password access to the cache manager is enough. > >> How else can this be made more secure? I guess not if the only way for me to access it is through a public IP address. > > > > I think allowing managr only on https_port should work and help... -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows found: (R)emove, (E)rase, (D)elete
