Hi Chris, I've already tried that config. It does not work for my config because I am using xforwardedfor setting. Therefore Squid recognize all clients with their internal IP adresses. So i have to allow my network address to connect squid. This causes any client capable of changing proxy settings may connect Squid directly instead of DG which is not desired. In scenario, using only 1 computer with squid and DG installed, there is nothing to worry about. Because http_port is 127.0.0.1:3128 so only local DG can connect. However if 2. DG tries to connect, i have to change http_port to 3128 only. So, i assume http_port settings may be the answer. So is there an answer? On 8/11/06, Chris Robertson <crobertson@xxxxxxx> wrote:
Birol AKBAY wrote: > Hi, > I have 2 computers, let say > A :192.168.0.10 > and > B : 192.168.0.11 > > For A, > Squid 2.6 Stable1, DG 2.9.7.1 are installed. > > For B, > Only DG 2.9.7.5 is installed. > > My purpose is; > Squid must listen only 127.0.0.1:3128(for comp. A) and 192.168.0.28 > for requests from Computer B's IP. Other connection requests should be > discarded. All requests should be forwarded to squid from DG installed > on A and B. > > To do this; > I changed http_port to 3128 from 127.0.0.1:3128. In this case, any > client who can change his/her proxy settings is able to connect proxy > directly.(As expected) This works, but not suitable for my purpose. > > What will be the correct conf? For what it's worth, I have not migrated to Squid 2.6 yet. These instructions may not work. This is extremely simplified, but... acl DansB src 192.168.0.11 http_access allow DansB http_access allow localhost http_access deny all ...should cover your needs. Placement in a full squid.conf is left as an exercise for the reader (Hint 1: keep the http_access lines listed as a group. Hint 2: the http_access deny all should already be part of your squid.conf). > > A simple diagram for struc. > ----------------------------------------------- > > Client Group 1 ----------------> B > | > Client Group 2 ----------------> A ----- Internet > > Chris
-- Birol AKBAY birolakbay@xxxxxxxxx