We are using Debian Wheezy with squid as a router / proxy server. Users can get information about the traffic handled by squid through a local web interface we've created on the device. The issue I have is it looks as though squid see's requests from apache2 as coming from one of the WAN interface (eth0) when this is enabled and not either the LAN (eth7) or localhost. In order to allow the web interface to access cachemgr in squid I have to add a rule: http_access allow manager WANIPADDRESS When the WAN is unplugged squid serves the page correctly, even without the rule above, so I assume it sees the request as coming from the LAN. Can anyone tell me how to configure Apache2 to run on localhost or my LAN port all the time when accessing Squid? (I assume this is the problem, either that or php is determining the source port) Thanks in advance
Check out this tutorial, http://www.howtoforge.com/how-to-set-up-a-caching-reverse-proxy-with-squid-2.6-on-debian-etch It is outdated but it might help in your case too.
Thanks for the reply Srijan but unfortunately I don't believe it brings any joy. Realistically the problem appears to be with apache or php in terms of the IP address these web requests are coming from. Unlike your scenario we are simply running a webpage on here to control the router functionality of the box. Requests to the control webpage don't route via squid are accessed simply via the lan IP of the device it's just when we try to get info from squid via the control webpage that squid appear to see the request coming from the WAN interface, when open. If the WAN interface is closed squid sees the request from the boxes LAN ip which is fine. The reason I want to fix it is that the WAN ip will change frequently and whilst I could rewrite squid rules when this happens it seems really messy.
Just by way of update I think I finally figured this one out. The reason I was picking up the WAN address is I had squid configured for Transparent mode, http_port 3128 transparent, when I removed the transparent element squid allows the access without issue. So my work arround, as I wanted to keep transparent mode was to simply open another port that was used to access that element, ie my config now includes: http_port 3128 transparent http_port 3129 Hope this helps someone.