"Alan J. Flavell" wrote:
> > And? localhost should not be allowed to access cachemgr.cgi I think if
> > you are using IP based access controls..
>
> Hmmm: this would then imply that e.g anadmin logged on to the
> host where the server is running would be denied access to the
> cachemgr interface.
It does, but as one should not run things on a server in the first place
this should not be a problem.
If you need to allow it, then make sure to block proxying to localhost
in squid.conf.
acl to_localhost dst 127.0.0.0/8
http_access deny to_localhost
This protects you from a number of similar issues with other services
running on localhost, not only cachemgr.cgi.
-- Henrik Nordstrom Squid HackerReceived on Sat Sep 15 2001 - 12:09:14 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:02:11 MST