On Thu, 10 Mar 2005, squidrunner team wrote:
How might I write an ACL to catch all numeric IP destdomain addresses so that I may deny attempts to circumvent URL regex filters?
Try with the acl settings as,
acl ipdomain urlpath_regex [0-9]*.[0-9]*.[0-9]*.[0-9]*
This will match any URL of 4 characters or more after the host name.. probably not what you want.
urlpath_regex == regex match against the path after the hostname:port.
[0-9]* == zero or more digits
. == any character
and the pattern is not bound to the beginning (^) or end ($) of the requested URL
A more appropriate pattern:
acl ipdomain url_regex ^[^:]*://([^/@]*@)?[0-9\.]*(:|/|$|\?) ^[0-9\.:]*$
url_regex == regex pattern match on whole URL
^             beginning of URL
[^:]*         any text not including :
://           ://
([^/@]*@)?    optionally a text up to and including @ (login)
[0-9\.]*      some text consisting of only digits and dots
(:|/|\?|$)    either : / ? or the end of the URL

^[0-9\.:]*$   only digits, dots and :, for CONNECT
This would obviously be a lot easier to do if dstdomain_regex had an option to not reverse lookup IP addresses, but it does not have any such option..
Regards Henrik
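
Added example, not part of the original message: a Python check of the patterns discussed in this thread against constructed requests, showing where the urlpath_regex attempt misfires and what the url_regex patterns match. It assumes Python's re behaves like Squid's regex library for these patterns and uses the CONNECT pattern in the form given in the breakdown, ^[0-9\.:]*$; the function names are hypothetical.

```python
import re

# Patterns quoted in the thread. Squid uses its own regex library; this example
# assumes Python's re gives the same results for these particular patterns.
NAIVE_PATH = re.compile(r"[0-9]*.[0-9]*.[0-9]*.[0-9]*")             # urlpath_regex
URL_NUMERIC = re.compile(r"^[^:]*://([^/@]*@)?[0-9\.]*(:|/|$|\?)")  # url_regex
CONNECT_NUMERIC = re.compile(r"^[0-9\.:]*$")                        # url_regex (CONNECT)


def url_path(url):
    """Return what urlpath_regex is tested against: the part after host:port."""
    rest = url.split("://", 1)[1]
    slash = rest.find("/")
    return rest[slash:] if slash != -1 else "/"


def naive_match(url):
    """Result of the urlpath_regex attempt for an http URL."""
    return NAIVE_PATH.search(url_path(url)) is not None


def numeric_host(request):
    """True if either url_regex pattern matches the full URL or CONNECT target."""
    return bool(URL_NUMERIC.search(request) or CONNECT_NUMERIC.search(request))


# Constructed sample requests (documentation address range, example.com).
HTTP_SAMPLES = [
    "http://www.example.com/index.html",    # ordinary site
    "http://192.0.2.10/",                   # numeric host, short path
    "http://user@192.0.2.10:8080/a?b=1",    # numeric host with login and port
    "http://www.example.com/1.2.3.4",       # digits in the path, not the host
    "http://192.0.2.10.example.com/",       # hostname that merely starts with digits
]
CONNECT_SAMPLES = ["192.0.2.10:443", "www.example.com:443"]

if __name__ == "__main__":
    for url in HTTP_SAMPLES:
        print(f"{url:45} naive={naive_match(url)!s:5} numeric={numeric_host(url)}")
    for target in CONNECT_SAMPLES:
        print(f"CONNECT {target:37} numeric={numeric_host(target)}")
```
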