Lightsquid reports page has no protection

cylent · Jan 5, 2010, 7:12 AM

is it possible to protect lightsquid reports with a password?

i noticed if you goto http://<pfsenseip>/lightsquid/index.cgi you are immediately granted access.

pls advise.</pfsenseip>

cylent · Jan 5, 2010, 9:12 PM

anybody?

i tried using .httaccess method but it simply isnt working.

cylent · Jan 18, 2010, 6:31 AM

I find this to be a huge security hole because it bypasses admin for anybody on the lan that knows the correct URL …

anybody want to help with this please?

jalgaz · Jan 18, 2010, 11:02 AM

i think you can block access with rules to this ip

JuanjoA
Saludos

cylent · Jan 18, 2010, 11:33 AM

it would be nice if lightsquid had a port i can use to block with.

cylent · Jan 19, 2010, 8:56 AM

and yet still no workable response from the pfsense devs.

i realize lightsquid is an external package but as soon as its accepted into the pfsense package system then pfsense is responsible for it.

jalgaz · Jan 19, 2010, 10:18 AM

i think this is a bug.
really, with rules i cant block the access to the page of lightsquid.

I tried with squid and without squid, with same result, access garanted.

it would be nice if lightsquid had a port i can use to block with.

The gui use port 80 or 443 (http / https)

JuanjoA

cylent · Jan 19, 2010, 10:23 AM

so what you want me to block port 80 then?
i'd have to shift the webgui to another port…
:-[ :-[