[squid-users] acls for 2 cachemgr users groups: info for localnets and info for no-password single user

From: Adam <[email protected]>
Date: Tue, 22 Apr 2003 17:37:31 -0700

Hello,

Wanting to use RRD to graph squid stats, I just installed Duane Wessels'
squid-rrd. It looks great so far but if squid-rrd is deprecated, out of
date, or there is something better you can recommend that works with RRD [I
already know there are a lot, just curious about *personal*
recommendations], I'd appreciate any tips or recommendations. I think I
need to tweak some of the graph units/scale. I also like squid-rrd because
it graphs what the staff are seeing in the equally wonderful cachemgr.cgi
script. Duane has a comment that he'd like to use snmpget but currently a
number of interesting stats are not available via Squid's SNMP mib. Again
if that has changed, please let me know.

My question is about acl's more than squid-rrd or cachemgr.cgi. What I want
is for everyone to access the cachemgr.cgi script via a password at the
"info" level except users (actually programs) from "myserver" which should
access cachemgr.cgi without a password. I got it to work (see below) but I
had to set the password protected manager to a different level and then
manually disable the dangerous stuff. Is this the right way to go? Seems
to work ok but I just wanted to run it by the list. (In case it matters:
Squid 2.5STABLE2, Sun Ultra 60, Solaris 8.)

thanks,

Adam

acl manager proto cache_object
acl rrdprog proto cache_object
acl myserver src 192.168.3.45/255.255.255.255
http_access allow manager
http_access allow rrdprog myserver
http_access deny to_localhost
cachemgr_passwd disable shutdown offline_toggle config
cachemgr_passwd none info myserver
cachemgr_passwd apassword all <==== would prefer to be able to also use info
here instead of "all" w/ the disable line above
Received on Tue Apr 22 2003 - 18:37:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:12 MST