Re: log problem

Yuri <yvoinov@xxxxxxxxx> · Thu, 25 Jan 2018 07:39:58 +0600



    In
        order not to be unfounded:

        
      https://bugs.squid-cache.org/show_bug.cgi?id=4572

    
    I found workaround more than year ago, however I believe but still
    exists.

    
    PS. It's elementary to reproduce. Just specify cachemgr_passwd in
    squid.conf and do not disable password access to cachemgr stats.
    Then access to cachemgr from any tool like sqstat - with password
    (basic auth) - and see what will in access.log. Congrats, you just
    show your proxy manager password to all stats tool and anybody who
    watch your statistics reports.

    
    25.01.2018 07:25, Yuri пишет:

    >

    Everything is a little worse. If you need a
      password to access the cachemanager - it will shown in the logs. I
      believe that this is a bug and a hole in security.

      
      Preventing by ACL can be workaround, but hardly this is feature.

      
      24.01.2018 20:44, Amos Jeffries пишет:

      > On 25/01/18 02:59, Alex Gutiérrez Martínez wrote:

      >> Hello comunity, im using squid 3.3.8 on ubuntu 14.04.02
      LTS. I have

      >> implemented sqstat on this server to monitor my
      bandwidth. My problem is

      >> simple, i need to remove from my log the line created by
      sqstat.

      >>

      >> 1516801891.375      1 10.28.27.36 TCP_MISS/200 25526 GET

      >> cache_object://localhost/active_requests - HIER_NONE/-
      text/plain

      >>

      >>

      >> I tried using "access_log" directive, but until now the
      only thing i

      >> acomplish is stop my squid using a bad configuration.

      >>

      >> Does anyone have an idea of how to solve this problem?

      >>

      
      > access_log is the way to go, using the 'manager' ACL.

      
      > Somewhat like this:

      
      >   access_log /var/log/squid/access.log squid !manager

      
      > ... or if you want to log other manager access *except* for
      the sqstat

      > ones. Then you will need an ACL that uniquely identifies
      sqstat instead

      > of manager.

      
      > Amos

      > _______________________________________________

      > squid-users mailing list

      > squid-users@xxxxxxxxxxxxxxxxxxxxx

      > http://lists.squid-cache.org/listinfo/squid-users

      
    >


    -- 

    *****************************

    * C++20 : Bug to the future *

    *****************************

    
Attachment:
signature.asc

Description: OpenPGP digital signature
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users