Bug 112725
| Summary: | [patch] Add localhost access to cachemgr.cgi | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dax Kelson <dkelson> |
| Component: | squid | Assignee: | Martin Stransky <stransky> |
| Status: | CLOSED RAWHIDE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 1 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-07-07 11:18:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I simplified it a bit: # # This is /etc/httpd/conf.d/squid.conf # ScriptAlias /Squid/cgi-bin/cachemgr.cgi /usr/lib/squid/cachemgr.cgi # Only allow access from localhost by default <Location /Squid/cgi-bin/cachemgr.cgi> order allow,deny allow from localhost # Add additional allowed hosts as needed # allow from .example.com </Location> |
Description of problem: Squid ships with a powerful tool to examine proxy server details called cachemgr.cgi. The RH squid RPM install it into /usr/lib/squid which is fine. One might say, "simply copy the file or create a symlink to /var/www/cgi-bin". I propose the following instead: # # This is /etc/httpd/conf.d/squid.conf # ScriptAlias /Squid/cgi-bin /usr/lib/squid/ # Block all requests into this directory # as other squid binaries live in /usr/lib/squid <Location /Squid/cgi-bin> deny from all </Location> # Open up access for this specific binary # Only allow access from localhost by default <Location /Squid/cgi-bin/cachemgr.cgi> order allow,deny allow from localhost # Add additional allowed hosts as needed # allow from .example.com </Location>