On Tue, 16 Feb 2010 14:20:15 +0100, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote: >> > On 14.02.10 01:32, J. Webster wrote: >> >> Would that work with: >> >> http_access deny manager CONNECT !SSL_ports > >> On Mon, 15 Feb 2010 15:32:30 +0100, Matus UHLAR - fantomas >> <uhlar@xxxxxxxxxxx> wrote: >> > no, the manager is not fetched by CONNECT request (unless something is >> > broken). >> > >> > you need https_port directive and acl of type "myport", then allow >> > manager only on the https port. that should work. >> > >> > note that you should access manager directly not using the proxy. > > On 16.02.10 13:59, Amos Jeffries wrote: >> You may (or may not) hit a problem after trying that because the cache >> mgr >> access uses its own protocol >> cache_object:// not htps://. An SSL tunnel with mgr access going through >> it should not have that problem but one never knows. > > but it connect to standard HTTP port, right? Yes. > > I think that the problem itself lies in cachemgr.cgi not being able to > connect via SSL Yes. This should probably be reported as an enhancement bug so we don't forget it. CacheMgr is due for a bit more of a cleanup someday, so it would be a shame to miss this out. Amos
