Re: Decurity concern: cachemgr & GET method ?

From: Jonathan Larmour <[email protected]>
Date: Mon, 11 Jan 1999 22:54:06 +0000

Alex Rousskov wrote:
>
> On Mon, 11 Jan 1999, Henrik Nordstrom wrote:
>
> > This is only a limitation of the current (crude) cachemgr.cgi menu
> > interface. Basic HTTP authentication is used between cachemgr.cgi and
> > Squid.
>
> Right. Unfortunately, there is probably no clean way for the cache manager
> CGI to forward HTTP authentication to Squid without doing the
> authentication on the http server. Thus, we are stuck with GET- or
> POST-based authentication. :(

Then perhaps the way forward is to integrate the cache manager into squid,
but perhaps running on a different port[1]. Making squid script small bits
of HTML isn't much bloat really as the cache manager is only accessed
infrequently. This would free up the reliance on an external httpd, and
confusions with permissions etc. that that causes.

Of course the coding is non-trivial :-).

[1] Actually it wouldn't _have_ to run on a different port. Its possible for
squid to intercept proxy requests of the form
http://visible_hostname/squid/manager/ but there is potential for confusion
there as this may overlap with a web server on the same machine.

Jifl

-- 
Cygnus Solutions, 35 Cambridge Place, Cambridge, UK.  Tel: +44 (1223) 728762
"Women marry hoping their husbands will change, men||Home e-mail: jifl @ 
marry hoping their wives never do. Both are rare." ||     jifvik.demon.co.uk
Help fight spam! http://spam.abuse.net/  These opinions are all my own fault
Received on Mon Jan 11 1999 - 15:41:00 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:43:58 MST