Re: [squid-users] One Squid and 2 DG Connection Restriction Howto ??

From: Birol AKBAY <birolakbay@dont-contact.us>
Date: Fri, 11 Aug 2006 12:28:34 +0300

Hi Chris,
I've already tried that config. It does not work for my config because
I am using the xforwardedfor setting. Therefore Squid recognizes all
clients with their internal IP addresses. So I have to allow my network
address to connect to Squid. This means any client capable of changing
proxy settings may connect to Squid directly instead of DG, which is not
desired. In the scenario using only 1 computer with Squid and DG
installed, there is nothing to worry about, because http_port is
127.0.0.1:3128, so only the local DG can connect. However, if a 2nd DG tries to
connect, I have to change http_port to 3128 only.
So, I assume http_port settings may be the answer. So is there an answer?

On 8/11/06, Chris Robertson <crobertson@gci.net> wrote:
> Birol AKBAY wrote:
> > Hi,
> > I have 2 computers, let's say
> > A :192.168.0.10
> > and
> > B : 192.168.0.11
> >
> > For A,
> > Squid 2.6 Stable1, DG 2.9.7.1 are installed.
> >
> > For B,
> > Only DG 2.9.7.5 is installed.
> >
> > My purpose is;
> > Squid must listen only on 127.0.0.1:3128 (for comp. A) and 192.168.0.28
> > for requests from Computer B's IP. Other connection requests should be
> > discarded. All requests should be forwarded to squid from DG installed
> > on A and B.
> >
> > To do this;
> > I changed http_port to 3128 from 127.0.0.1:3128. In this case, any
> > client who can change his/her proxy settings is able to connect to the proxy
> > directly (as expected). This works, but is not suitable for my purpose.
> >
> > What will be the correct conf?
> For what it's worth, I have not migrated to Squid 2.6 yet. These
> instructions may not work.
>
> This is extremely simplified, but...
>
> acl DansB src 192.168.0.11
> http_access allow DansB
> http_access allow localhost
> http_access deny all
>
> ...should cover your needs. Placement in a full squid.conf is left as
> an exercise for the reader (Hint 1: keep the http_access lines listed as
> a group. Hint 2: the http_access deny all should already be part of
> your squid.conf).
> >
> > A simple diagram for struc.
> > -----------------------------------------------
> >
> > Client Group 1 ----------------> B
> > |
> > Client Group 2 ----------------> A ----- Internet
> >
> >
> Chris
>

-- 
Birol AKBAY
birolakbay@gmail.com
Received on Fri Aug 11 2006 - 03:28:39 MDT
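
The behaviour described in this message, as a small model added here (not part of the original thread and not Squid code): http_access is first-match-wins, and the only thing that changes between cases is whether the src ACL sees the TCP peer or the client address forwarded by DG. The client address 192.168.0.50 and the 192.168.0.0/24 network are assumptions.

```python
import ipaddress

# Constructed http_access lists as (action, source network), in evaluation order.
CHRIS_RULES = [("allow", "192.168.0.11/32"),   # acl DansB
               ("allow", "127.0.0.1/32"),      # localhost
               ("deny", "0.0.0.0/0")]          # deny all
# Assumption: "my network address" is 192.168.0.0/24.
WIDENED_RULES = [("allow", "192.168.0.0/24")] + CHRIS_RULES[1:]


def http_access(rules, src):
    """Return the action of the first rule whose network contains src."""
    addr = ipaddress.ip_address(src)
    for action, net in rules:
        if addr in ipaddress.ip_network(net):
            return action
    return "deny"


def decide(rules, peer, xff=None, use_xff=False):
    """peer is the TCP source; xff is the client address DG forwards."""
    src = xff if (use_xff and xff) else peer
    return http_access(rules, src)


def scenarios(client="192.168.0.50", dg_b="192.168.0.11"):
    """client is a constructed address for a PC in Client Group 1."""
    return {
        # src ACL matched against the TCP peer: Chris's rules do the job.
        "peer_acl_via_dg": decide(CHRIS_RULES, dg_b, xff=client),
        "peer_acl_direct": decide(CHRIS_RULES, client),
        # src ACL matched against the forwarded address: filtered users are refused,
        "xff_acl_via_dg": decide(CHRIS_RULES, dg_b, xff=client, use_xff=True),
        # so the whole network gets allowed, and direct connections get in too.
        "widened_via_dg": decide(WIDENED_RULES, dg_b, xff=client, use_xff=True),
        "widened_direct": decide(WIDENED_RULES, client, use_xff=True),
    }


if __name__ == "__main__":
    for name, action in scenarios().items():
        print(f"{name:16} {action}")
```

The last entry is the case the message objects to: once the ACL has to admit internal client addresses, a client that points its browser straight at Squid is indistinguishable, at the ACL, from one that came through DG.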

This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT