Birol AKBAY wrote:
> Hi Chris,
> I've already tried that config. It does not work for my config because
> I am using the xforwardedfor setting.

Ah, new information...

> Therefore Squid recognizes all
> clients with their internal IP addresses. So I have to allow my network
> address to connect to Squid. This means that any client capable of changing
> proxy settings may connect to Squid directly instead of DG, which is not
> desired. In a scenario using only 1 computer with Squid and DG
> installed, there is nothing to worry about, because http_port is
> 127.0.0.1:3128 so only the local DG can connect. However, if a 2nd DG tries to
> connect, I have to change http_port to 3128 only.
> So, I assume http_port settings may be the answer. So is there an answer?

Are you using XFF strictly for logging, or do you have ACLs? If it's
strictly for logging (and XFF on 2.6 behaves like the XFF patch for 2.5)
then omitting "acl_uses_indirect_client on" would solve your problem,
but you are probably aware of that...
So, in this case, I'd use iptables...

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -p tcp --dport 3128 -s 192.168.2.11 -j ACCEPT
    iptables -A INPUT -p tcp --dport 3128 -j REJECT

...or something like that.

Chris
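
The rule set suggested above, extended to more than one DG host, as an added example that is not part of the original message. The function names and the second host address 192.168.2.12 are assumptions; the script only prints the rules and then replays a source address against them in first-match order to show who can reach port 3128.

```shell
#!/bin/sh
# Added example (not from the thread). 192.168.2.11 is the DG host in the
# post; 192.168.2.12 is a constructed second DG host.
SQUID_PORT=3128

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules in evaluation order: loopback, one ACCEPT per DG host,
# then the catch-all REJECT. iptables stops at the first matching rule,
# so the REJECT has to come last.
squid_rules() {
    for host in "$@"; do
        valid_ipv4 "$host" || { echo "bad address: $host" >&2; return 1; }
    done
    echo "iptables -A INPUT -i lo -j ACCEPT"
    for host in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $SQUID_PORT -s $host -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport $SQUID_PORT -j REJECT"
}

# Walk those rules top to bottom for a TCP connection to the Squid port
# from source $1 (remaining arguments: the DG hosts) and print the target
# of the first match. Simplification: only 127.0.0.1 arrives on lo.
verdict_for() {
    src=$1; shift
    squid_rules "$@" | while read -r rule; do
        case "$rule" in
            *" -i lo "*) [ "$src" = 127.0.0.1 ] || continue ;;
            *" -s $src "*) ;;
            *" -s "*) continue ;;
        esac
        echo "${rule##* -j }"
        break
    done
}

# Dry run: print the rules and check one LAN client against them.
squid_rules 192.168.2.11 192.168.2.12
echo "192.168.2.50 -> $(verdict_for 192.168.2.50 192.168.2.11 192.168.2.12)"
```

The output is only printed; review it and pipe it to sh as root to apply. Because -A appends, any rule already in the INPUT chain is evaluated before these.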