Bug 112725 - [patch] Add localhost access to cachemgr.cgi
Summary: [patch] Add localhost access to cachemgr.cgi
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: squid   
(Show other bugs)
Version: 1
Hardware: All Linux
medium
medium
Target Milestone: ---
Assignee: Martin Stransky
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-12-29 23:29 UTC by Dax Kelson
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-07 11:18:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Dax Kelson 2003-12-29 23:29:46 UTC
Description of problem:

Squid ships with a powerful tool to examine proxy server details
called cachemgr.cgi. The RH squid RPM install it into /usr/lib/squid
which is fine.

One might say, "simply copy the file or create a symlink to
/var/www/cgi-bin".

I propose the following instead:

#
# This is /etc/httpd/conf.d/squid.conf
#

ScriptAlias     /Squid/cgi-bin  /usr/lib/squid/
                                                                     
          
# Block all requests into this directory
# as other squid binaries live in /usr/lib/squid
<Location /Squid/cgi-bin>
 deny from all
</Location>
                                                                     
          
# Open up access for this specific binary
# Only allow access from localhost by default
<Location /Squid/cgi-bin/cachemgr.cgi>
 order allow,deny
 allow from localhost
 # Add additional allowed hosts as needed
 # allow from .example.com
</Location>

Comment 1 Dax Kelson 2003-12-30 00:51:33 UTC
I simplified it a bit:

#
# This is /etc/httpd/conf.d/squid.conf
#

ScriptAlias /Squid/cgi-bin/cachemgr.cgi /usr/lib/squid/cachemgr.cgi

# Only allow access from localhost by default
<Location /Squid/cgi-bin/cachemgr.cgi>
 order allow,deny
 allow from localhost
 # Add additional allowed hosts as needed
 # allow from .example.com
</Location>



Note You need to log in before you can comment on or make changes to this bug.