Re: [squid-users] Squid and Router

Amos Jeffries wrote:
> stephane lepain wrote:
>> Hi,
>>
>> I have given access to my router webpage configuration from my squid
>> server by adding in
>> *cache_peer 192.168.1.1 parent 3128 3130 login=PASS*
>> That is great because now I can access my router webpage
>> configuration from my server without any problems.
>> Sometimes, I need to access my router on a different PC which is just
>> a client. What can I add into my configuration squid.conf to make
>> that work?
>
> If you have an assigned domain name for your router you can restrict
> only that domain to be redirected to that peer.
>
> Or if the IPs are fixed, you can restrict only the IPs you are going
> to connect to the router from as acceptable sources for the requests
> to the peer.
>
> It's a little weird that you have (only?) proxy-HTCP and ICP access to
> your router for admin. But its your config and you did not post the
> other details, so....
>
> Amos
Hi Amos,

Yes I do have a domain (macitos.fr) and all the IPs are fixed. My goal
here is to access my router from another PC which is just a client and
has 192.168.1.8 for fix ip. With the config below I can access my router
from my server with fix ips 192.168.1.6/7

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
acl MyNetwork src 192.168.1.0/24
acl xchat port 6667

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow CONNECT xchat
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow MyNetwork
http_access allow localhost
http_access deny all

icp_access allow all

http_port 3128

cache_peer 192.168.1.1 parent 3128 3130 login=PASS

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

header_access From deny all
header_access Referer deny all
header_access Server deny all
header_access User-Agent deny all
header_access WWW-Authenticate deny all
header_access Link deny all

Cheers Amos
Received on Thu Jan 31 2008 - 10:28:00 MST