Lightsquid reports page has no protection

cylent

is it possible to protect lightsquid reports with a password?

i noticed if you goto http://<pfsenseip>/lightsquid/index.cgi you are immediately granted access.

pls advise.</pfsenseip>

cylent

anybody?

i tried using .httaccess method but it simply isnt working.

cylent

I find this to be a huge security hole because it bypasses admin for anybody on the lan that knows the correct URL …

anybody want to help with this please?

jalgaz

i think you can block access with rules to this ip

JuanjoA
Saludos

cylent

it would be nice if lightsquid had a port i can use to block with.

cylent

and yet still no workable response from the pfsense devs.

i realize lightsquid is an external package but as soon as its accepted into the pfsense package system then pfsense is responsible for it.

jalgaz

i think this is  a bug.
really, with rules i cant block the access to the page of lightsquid.

I tried with squid and without squid, with same result, access garanted.

it would be nice if lightsquid had a port i can use to block with.

The gui use port 80 or 443 (http / https)

JuanjoA

cylent

so what you want me to block port 80 then?
i'd have to shift the webgui to another port…
:-[ :-[