[squid-users] log problem
Yuri
yvoinov at gmail.com
Thu Jan 25 01:39:58 UTC 2018
In order not to be unfounded:
https://bugs.squid-cache.org/show_bug.cgi?id=4572
I found workaround more than year ago, however I believe but still exists.
PS. It's elementary to reproduce. Just specify cachemgr_passwd in
squid.conf and do not disable password access to cachemgr stats. Then
access to cachemgr from any tool like sqstat - with password (basic
auth) - and see what will in access.log. Congrats, you just show your
proxy manager password to all stats tool and anybody who watch your
statistics reports.
25.01.2018 07:25, Yuri пишет:
>
> Everything is a little worse. If you need a password to access the
> cachemanager - it will shown in the logs. I believe that this is a bug
> and a hole in security.
>
> Preventing by ACL can be workaround, but hardly this is feature.
>
>
> 24.01.2018 20:44, Amos Jeffries пишет:
> > On 25/01/18 02:59, Alex Gutiérrez Martínez wrote:
> >> Hello comunity, im using squid 3.3.8 on ubuntu 14.04.02 LTS. I have
> >> implemented sqstat on this server to monitor my bandwidth. My
> problem is
> >> simple, i need to remove from my log the line created by sqstat.
> >>
> >> 1516801891.375 1 10.28.27.36 TCP_MISS/200 25526 GET
> >> cache_object://localhost/active_requests - HIER_NONE/- text/plain
> >>
> >>
> >> I tried using "access_log" directive, but until now the only thing i
> >> acomplish is stop my squid using a bad configuration.
> >>
> >> Does anyone have an idea of how to solve this problem?
> >>
>
> > access_log is the way to go, using the 'manager' ACL.
>
> > Somewhat like this:
>
> > access_log /var/log/squid/access.log squid !manager
>
>
> > ... or if you want to log other manager access *except* for the sqstat
> > ones. Then you will need an ACL that uniquely identifies sqstat instead
> > of manager.
>
>
> > Amos
> > _______________________________________________
> > squid-users mailing list
> > squid-users at lists.squid-cache.org
> > http://lists.squid-cache.org/listinfo/squid-users
>
>
--
*****************************
* C++20 : Bug to the future *
*****************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180125/2e993a9b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180125/2e993a9b/attachment.sig>
More information about the squid-users
mailing list