On Mon, 15 Feb 2010 15:32:30 +0100, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:
> On 14.02.10 01:32, J. Webster wrote:
>> Would that work with:
>> http_access deny manager CONNECT !SSL_ports
>
> no, the manager is not fetched by CONNECT request (unless something is
> broken).
>
> you need https_port directive and acl of type "myport", then allow manager
> only on the https port. that should work.
>
> note that you should access manager directly not using the proxy.
>

You may (or may not) hit a problem after trying that because the cache mgr access uses its own protocol cache_object:// not https://.
An SSL tunnel with mgr access going through it should not have that problem but one never knows.

Amos

>> ----------------------------------------
>> > Date: Sat, 13 Feb 2010 20:58:11 +0100
>> > From: uhlar@xxxxxxxxxxx
>> > To: squid-users@xxxxxxxxxxxxxxx
>> > Subject: Re: cache manager access from web
>> >
>> > On 11.02.10 10:46, J. Webster wrote:
>> >> I have changed the config and can now login to the cache manager.
>> >> This was in the conf already:
>> >> http_access deny CONNECT !SSL_ports
>> >>
>> >> So, the issue remains whether allowing password access to the cache
>> >> manager is enough.
>> >> How else can this be made more secure? I guess not if the only way
>> >> for me to access it is through a public IP address.
>> >
>> > I think allowing manager only on https_port should work and help...
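
The rule logic discussed in this thread, as an added example that is not part of the original messages and not Squid's own code: a simplified Python model of first-match `http_access` evaluation, comparing the `deny manager CONNECT !SSL_ports` rule with a `myport`-based restriction. The ACL name `mgr_port`, port 8443, the `http_access allow manager` line and the sample requests are assumptions constructed for illustration.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Rules are checked top to bottom; a rule matches only if every ACL on it
# matches ("!" negates); the first matching rule decides.

ACLS = """
acl manager proto cache_object
acl CONNECT method CONNECT
acl SSL_ports port 443
acl mgr_port myport 8443
"""  # constructed; 8443 stands in for a hypothetical https_port

# Rule asked about in the thread, followed by a constructed "allow manager".
PROPOSED = """
http_access deny manager CONNECT !SSL_ports
http_access allow manager
http_access deny all
"""

# The myport approach: manager allowed only on the https port.
SUGGESTED = """
http_access allow manager mgr_port
http_access deny manager
http_access deny all
"""

def parse_acls(text):
    acls = {}
    for line in text.strip().splitlines():
        _, name, kind, *values = line.split()
        acls[name] = (kind, set(values))
    return acls

def acl_matches(acls, name, req):
    if name == "all":
        return True
    kind, values = acls[name]
    return str(req[kind]) in values

def decide(acls, rules, req):
    for line in rules.strip().splitlines():
        _, action, *terms = line.split()
        if all(acl_matches(acls, t.lstrip("!"), req) != t.startswith("!") for t in terms):
            return action
    return "deny"  # assumption: treat "no rule matched" as deny

acls = parse_acls(ACLS)
# Constructed requests: cache manager queries are GETs for cache_object:// URLs.
mgr_http = {"proto": "cache_object", "method": "GET", "port": 3128, "myport": 3128}
mgr_https = dict(mgr_http, myport=8443)
```

The model covers rule matching only; it does not show whether `cache_object://` requests work over an `https_port`, which is the open question raised in the reply.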