Re: [squid-users] Squid and Router

From: Amos Jeffries <squid3@dont-contact.us>
Date: Fri, 1 Feb 2008 09:41:16 +1300 (NZDT)

> Amos Jeffries wrote:
>> stephane lepain wrote:
>>> Hi,
>>>
>>> I have given access to my router webpage configuration from my squid
>>> server by adding in
>>> *cache_peer 192.168.1.1 parent 3128 3130 login=PASS*
>>> That is great because now I can access my router webpage
>>> configuration from my server without any problems.
>>> Sometimes, I need to access my router on a different PC which is just
>>> a client. What can I add into my configuration squid.conf to make
>>> that work?
>>
>> If you have an assigned domain name for your router you can restrict
>> only that domain to be redirected to that peer.
>>
>> Or if the IPs are fixed, you can restrict only the IPs you are going
>> to connect to the router from as acceptable sources for the requests
>> to the peer.
>>
>> It's a little weird that you have (only?) proxy-HTCP and ICP access to
>> your router for admin. But it's your config and you did not post the
>> other details, so....
>>
>> Amos
> Hi Amos,
>
> Yes I do have a domain (macitos.fr) and all the IPs are fixed. My goal
> here is to access my router from another PC which is just a client and
> has 192.168.1.8 for fixed IP. With the config below I can access my router
> from my server with fixed IPs 192.168.1.6/7
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl purge method PURGE
> acl CONNECT method CONNECT
> acl MyNetwork src 192.168.1.0/24
> acl xchat port 6667

acl admin src 192.168.1.8 127.0.0.1

>
> http_access allow manager localhost
> http_access deny manager
> http_access allow purge localhost
> http_access deny purge
> http_access allow CONNECT xchat
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny to_localhost
> http_access allow MyNetwork
> http_access allow localhost
> http_access deny all
>
> icp_access allow all
>
> http_port 3128
>
> cache_peer 192.168.1.1 parent 3128 3130 login=PASS

cache_peer_access 192.168.1.1 allow admin
cache_peer_access 192.168.1.1 deny all

>
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
>
> header_access From deny all
> header_access Referer deny all
> header_access Server deny all
> header_access User-Agent deny all
> header_access WWW-Authenticate deny all
> header_access Link deny all
>

That should do it.

Amos
Received on Thu Jan 31 2008 - 13:41:18 MST
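
Which clients the two cache_peer_access lines above let through to the router peer can be checked offline with a small model of Squid's first-match rule evaluation. This is an added example, not part of the original message and not Squid code; the function names are hypothetical, only src ACLs are modelled, and the embedded config is a constructed excerpt of the one quoted in the thread.

```python
import ipaddress

# Constructed excerpt of the squid.conf discussed in the thread.
CONF = """
acl all src 0.0.0.0/0.0.0.0
acl MyNetwork src 192.168.1.0/24
acl admin src 192.168.1.8 127.0.0.1
cache_peer 192.168.1.1 parent 3128 3130 login=PASS
cache_peer_access 192.168.1.1 allow admin
cache_peer_access 192.168.1.1 deny all
"""

def parse(conf):
    """Return ({acl_name: [networks]}, {peer: [(action, [acl_names])]})."""
    acls, rules = {}, {}
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(v, strict=False) for v in tok[3:]]
            acls.setdefault(tok[1], []).extend(nets)
        elif len(tok) >= 4 and tok[0] == "cache_peer_access":
            rules.setdefault(tok[1], []).append((tok[2], tok[3:]))
    return acls, rules

def peer_allowed(conf, peer, src_ip):
    """True if a request from src_ip may be forwarded to the given peer."""
    acls, rules = parse(conf)
    ip = ipaddress.ip_address(src_ip)

    def hit(name):
        # ACL names not defined as src ACLs are treated as non-matching
        # (limitation of this model, which only knows about src).
        matched = any(ip in net for net in acls.get(name.lstrip("!"), []))
        return not matched if name.startswith("!") else matched

    lines = rules.get(peer, [])
    for action, names in lines:
        # All ACLs on one line must match; the first matching line decides.
        if all(hit(n) for n in names):
            return action == "allow"
    # No rules: the peer is unrestricted. No line matched: Squid applies
    # the opposite of the last line's action.
    return not lines or lines[-1][0] == "deny"

if __name__ == "__main__":
    for client in ("192.168.1.8", "127.0.0.1", "192.168.1.6", "192.168.1.7"):
        print(client, "->", peer_allowed(CONF, "192.168.1.1", client))
```

With these rules only 192.168.1.8 and 127.0.0.1 are forwarded to the peer; requests that reach Squid from 192.168.1.6 or 192.168.1.7 are not.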
