From: Amos Jeffries <squid3@treenet.co.nz>
Date: Mon, 19 Nov 2012 05:40:01 +0000 (-0700)
Subject: Release Notes: update manager ACL and MGR_INDEX documentation
X-Git-Tag: SQUID_3_4_0_1~480
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a62b985eef0710d458bd67ad775483906b1ef7ae;p=thirdparty%2Fsquid.git

Release Notes: update manager ACL and MGR_INDEX documentation
---

diff --git a/doc/release-notes/release-3.2.sgml b/doc/release-notes/release-3.2.sgml
index a12767ca96..aee57b9462 100644
--- a/doc/release-notes/release-3.2.sgml
+++ b/doc/release-notes/release-3.2.sgml
@@ -412,9 +412,10 @@ Most user-facing changes are reflected in squid.conf (see below).
 <p>The cache manager is available under the path prefix /squid-internal-mgr/. For example
    the URL http://example/com/squid-internal-mgr/menu will bring up the manager menu. This
    means there are some configuration changes required to lock down manager access.
-   The <em>manager</em> ACL needs changing to:
+   The <em>manager</em> ACL needs changing. A built-in definition is now used, equivalent
+   to the following regex pattern:
 <verb>
-	acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+	^(cache_object://|https?://[^/]+/squid-internal-mgr/)
 </verb>
 
 <p>The manager prefix /squid-internal-mgr/ with no action attempts to load an optional
@@ -423,6 +424,13 @@ Most user-facing changes are reflected in squid.conf (see below).
    cache manager applications as their front page embedding all scripts, accessors or
    redirects required for their initial GUI display.
 
+<p>MGR_INDEX file
+<itemize>
+   <item>should contain a complete HTML page, with optional client-side scripting.
+   <item>must not contain server-side scripting. 
+   <item>will have macro substitution performed on it using the same macros as used by the error page tempates.
+</itemize>
+
 <p>Version 3.2 of the CGI cache manager tool now presents XHR scripted probes to detect
    proxies presenting these manager index pagess and provides direct HTTP/HTTPS web links
    to those managers.
@@ -592,10 +600,12 @@ This section gives a thorough account of those changes in three categories:
 	<p>The <em>localip</em>/<em>localport</em> differ from earlier releases where they matched a mix of
 	   of an invalid IP and port 0, the client destination IP/port or the Squid listening IP/port.
 	   This definition is now consistent across all modes of traffic received by Squid.
-	<p>The <em>manager</em> ACL requires adjustment to cover new cache manager access:
+	<p>The <em>manager</em> ACL requires adjustment to cover new cache manager access. So it has now been
+	  built-in as a predefined ACL name matching URLs equivalent to the following regular expression:
         <verb>
-		acl manager url_regex -i ^cache_object:// ^https?://[^/]+/squid-internal-mgr/
+		^(cache_object://|https?://[^/]+/squid-internal-mgr/)
         </verb>
+	  squid.conf containing the old manager definition can expect to see ACL type collisions.
 
 	<tag>auth_param</tag>
 	<p>New options for Basic, Digest, NTLM, Negotiate <em>children</em> settings.