Amos Jeffries wrote:
J. Webster wrote:
I have followed the tutorial here:
http://wiki.squid-cache.org/SquidFaq/CacheManager
and set up acls to access the cache manager cgi on my server. I have
to access this externally for the moment as that is the only access
to the server that I have (SSH or web). The cache manager login
appears when I access: http://myexternalipaddress/cgi-bin/cachemgr.cgi
I have set the cache manager login and password in the squid.conf
# TAG: cache_mgr
# Email-address of local cache manager who will receive
# mail if the cache dies. The default is "root".
#
#Default:
# cache_mgr root
cache_mgr a...@aaa.com
cachemgr_passwd aaa all
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl cacheadmin src 88.xxx.xxx.xx9/255.255.255.255 #external IP address?
You don't need the /255.255.255.255 bit. Just a single IP address will
do.
acl to_localhost dst 127.0.0.0/8
# Only allow cachemgr access from localhost
As a side note....
http_access allow ncsa_users
http_access allow manager localhost
http_access allow manager cacheadmin
http_access deny manager
cache_manager access (any access, really) is already allowed to
ncsa_users, no matter if they are accessing from localhost,
88.xxx.xxx.xx9 or any other IP. You might want to have a gander at the
FAQ section on ACLs (http://wiki.squid-cache.org/SquidFaq/SquidAcl).
However, whenever I enter the password and select localhost port 8080
from the cgi script I get:
The following error was encountered:
Cache Access Denied.
Sorry, you are not currently allowed to request:
cache_object://localhost/
from this cache until you have authenticated yourself.
Looks like the CGI script does its own internal access to Squid to
fetch the page data. But does not have the right login details to pass
your "http_access allow ncsa_auth" security config.
Amos
Chris