Bug 112725 - [patch] Add localhost access to cachemgr.cgi
[patch] Add localhost access to cachemgr.cgi
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: squid (Show other bugs)
1
All Linux
medium Severity medium
: ---
: ---
Assigned To: Martin Stransky
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-12-29 18:29 EST by Dax Kelson
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-07 07:18:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dax Kelson 2003-12-29 18:29:46 EST
Description of problem:

Squid ships with a powerful tool to examine proxy server details
called cachemgr.cgi. The RH squid RPM install it into /usr/lib/squid
which is fine.

One might say, "simply copy the file or create a symlink to
/var/www/cgi-bin".

I propose the following instead:

#
# This is /etc/httpd/conf.d/squid.conf
#

ScriptAlias     /Squid/cgi-bin  /usr/lib/squid/
                                                                     
          
# Block all requests into this directory
# as other squid binaries live in /usr/lib/squid
<Location /Squid/cgi-bin>
 deny from all
</Location>
                                                                     
          
# Open up access for this specific binary
# Only allow access from localhost by default
<Location /Squid/cgi-bin/cachemgr.cgi>
 order allow,deny
 allow from localhost
 # Add additional allowed hosts as needed
 # allow from .example.com
</Location>
Comment 1 Dax Kelson 2003-12-29 19:51:33 EST
I simplified it a bit:

#
# This is /etc/httpd/conf.d/squid.conf
#

ScriptAlias /Squid/cgi-bin/cachemgr.cgi /usr/lib/squid/cachemgr.cgi

# Only allow access from localhost by default
<Location /Squid/cgi-bin/cachemgr.cgi>
 order allow,deny
 allow from localhost
 # Add additional allowed hosts as needed
 # allow from .example.com
</Location>

Note You need to log in before you can comment on or make changes to this bug.