Release Notes: update manager ACL and MGR_INDEX documentation

diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml
index a12767ca96ca5d8c45ca4d416969668788f7938f..aee57b94625f8bf89408188981c9202e7ce15d29 100644 (file)
--- a/doc/release-notes/release-3.2.sgml
+++ b/doc/release-notes/release-3.2.sgml
@@ -412,9 +412,10 @@ Most user-facing changes are reflected in squid.conf (see below).
 <p>The cache manager is available under the path prefix /squid-internal-mgr/. For example
    the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
    means there are some configuration changes required to lock down manager access.
-   The <em>manager</em> ACL needs changing to:
+   The <em>manager</em> ACL needs changing. A built-in definition is now used, equivalent
+   to the following regex pattern:
 <verb>
-       acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+       ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
 </verb>
 
 <p>The manager prefix /squid-internal-mgr/ with no action attempts to load an optional
@@ -423,6 +424,13 @@ Most user-facing changes are reflected in squid.conf (see below).
    cache manager applications as their front page embedding all scripts, accessors or
    redirects required for their initial GUI display.
 
+<p>MGR_INDEX file
+<itemize>
+   <item>should contain a complete HTML page, with optional client-side scripting.
+   <item>must not contain server-side scripting. 
+   <item>will have macro substitution performed on it using the same macros as used by the error page tempates.
+</itemize>
+
 <p>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
    proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
    to those managers.
@@ -592,10 +600,12 @@ This section gives a thorough account of those changes in three categories:
        <p>The <em>localip</em>/<em>localport</em> differ from earlier releases where they matched a mix of
           of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
           This definition is now consistent across all modes of traffic received by Squid.
-       <p>The <em>manager</em> ACL requires adjustment to cover new cache manager access:
+       <p>The <em>manager</em> ACL requires adjustment to cover new cache manager access. So it has now been
+         built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
         <verb>
-               acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+               ^(cache_object://|https?://[^/]+/squid-internal-mgr/)
         </verb>
+         squid.conf containing the old manager definition can expect to see ACL type collisions.
 
        <tag>auth_param</tag>
        <p>New options for Basic, Digest, NTLM, Negotiate <em>children</em> settings.