I'm sure this has popped up before, but: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=133131
An example of someone using cachemgr.cgi to portscan arbitrary hosts. What do you all think about adding in some basic configuration to lock down which port/host the installed cachemgr.cgi is permitted to look at? Adrian
