Re: [squid-users] One Squid and 2 DG Connection Restriction Howto ??

From: Chris Robertson <crobertson@dont-contact.us>
Date: Fri, 11 Aug 2006 09:42:54 -0800

Birol AKBAY wrote:
> Hi Chris,
> I've already tried that config. It does not work for my config because
> I am using the xforwardedfor setting.

Ah, new information...

> Therefore Squid recognizes all
> clients by their internal IP addresses. So I have to allow my network
> address to connect to Squid. This means any client capable of changing
> proxy settings may connect to Squid directly instead of DG, which is not
> desired. In the scenario using only 1 computer with Squid and DG
> installed, there is nothing to worry about, because http_port is
> 127.0.0.1:3128 so only the local DG can connect. However, if a 2nd DG tries to
> connect, I have to change http_port to 3128 only.
> So, I assume http_port settings may be the answer. So is there an answer?
>
Are you using XFF strictly for logging, or do you have ACLs? If it's
strictly for logging (and XFF on 2.6 behaves like the XFF patch for 2.5)
then omitting "acl_uses_indirect_client on" would solve your problem,
but you are probably aware of that...

So, in this case, I'd use iptables...

iptables -A INPUT -i lo -j ACCEPT                                # local DG over loopback
iptables -A INPUT -p tcp --dport 3128 -s 192.168.2.11 -j ACCEPT  # the second (remote) DG box
iptables -A INPUT -p tcp --dport 3128 -j REJECT                  # everyone else; must come last

...or something like that.

Chris
Received on Fri Aug 11 2006 - 11:43:19 MDT
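An expanded version of that ruleset, written here as an added example (it is not Chris's code nor the Squid or DansGuardian projects' code) for the two-DG case the thread is about: a dedicated chain holds the loopback rule plus one ACCEPT per DG host, and the REJECT is appended last, because iptables acts on the first matching rule. The port 3128, the chain name SQUID_IN and the addresses 192.168.2.11 / 192.168.2.12 are assumptions; setting IPT=echo prints the rules instead of applying them, which is how you review the result before touching a live firewall.

```shell
#!/bin/sh
# Added example (not from the original post): restrict Squid's http_port to
# loopback plus an explicit list of DansGuardian hosts.
# Assumptions: Squid listens on $SQUID_PORT (3128), the DG hosts' addresses are
# given as arguments, and $IPT is the iptables binary (IPT=echo for a dry run).

IPT="${IPT:-iptables}"
SQUID_PORT="${SQUID_PORT:-3128}"
CHAIN="SQUID_IN"   # dedicated chain, so these rules never interleave with others

# squid_fw_rules PORT HOST... : (re)build the chain and hook it into INPUT.
# Safe to run repeatedly: the chain is flushed before being refilled.
squid_fw_rules() {
    port="$1"; shift

    # Create the chain if it does not exist yet, then empty it.
    "$IPT" -N "$CHAIN" 2>/dev/null || true
    "$IPT" -F "$CHAIN"

    # A DG running on the Squid box itself talks to 127.0.0.1 over loopback.
    "$IPT" -A "$CHAIN" -i lo -j ACCEPT

    # One ACCEPT per remote DG host. Their relative order is irrelevant.
    for host in "$@"; do
        "$IPT" -A "$CHAIN" -p tcp --dport "$port" -s "$host" -j ACCEPT
    done

    # Everything else aimed at the Squid port is refused. This line must be
    # appended LAST: iptables stops at the first matching rule, and -A appends
    # in call order. tcp-reset gives clients an immediate "connection refused"
    # instead of the default ICMP port-unreachable.
    "$IPT" -A "$CHAIN" -p tcp --dport "$port" -j REJECT --reject-with tcp-reset

    # Route Squid-port traffic through the chain. Remove any earlier jump first
    # so re-running the script does not stack duplicate jumps, then insert the
    # jump at the top of INPUT so no broader ACCEPT above it can bypass us.
    "$IPT" -D INPUT -p tcp --dport "$port" -j "$CHAIN" 2>/dev/null || true
    "$IPT" -I INPUT -p tcp --dport "$port" -j "$CHAIN"
}

# Stand-alone usage:  IPT=echo sh squid-fw.sh 192.168.2.11 192.168.2.12
# (drop IPT=echo and run as root to apply). With no arguments the script only
# defines the function, so it can be sourced.
if [ "$#" -gt 0 ]; then
    squid_fw_rules "$SQUID_PORT" "$@"
fi
```

Each additional DG box is just one more argument; http_port on the Squid side then has to bind a routable address (as Birol notes), and this chain is what keeps ordinary clients from pointing their browsers straight at it. Bear in mind it filters on source address only: a user with a shell on one of the DG hosts, or anyone who can spoof a DG address on that segment, still reaches http_port directly, so the DG hosts themselves need to be locked down as well.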

This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:02 MDT