On Mon, 12 Sep 2005, Matus UHLAR - fantomas wrote:
> however, currently I'm not able to differ if someone entered this IP (or
> hostname pointing to this IP) or an invalid hostname, and give people
> different error messages.

The first (explicitly entered) can be matched using dstdomain in
2.5.STABLE10.

> I probably could make an exemption in denying 240.0.0.0/4 or allow
> accessing 255.255.255.255, but I found this sick...

Removing the use of 255.255.255.255 from the dst acl is trivial. In acl.c
look for ACL_DST_IP in aclMatchAcl, and at the end of its block replace

    return aclMatchIp(&ae->data, no_addr);

with simply

    return 0;

this will make dst acls always false if the destination IP can not be
resolved (there is no IP to match the acl against, so it can't be true..)

Then to match invalid hosts you can use

    acl all_destinations dst 0.0.0.0/0
    http_access deny !all_destinations

Regards
Henrik
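
A simplified model of the dst matching described in this message, added here as an example; it is not Squid's code. The names `dst_match`, `patched`, `denied_as_invalid_host` and the `dst_acl` struct are hypothetical, and `NO_ADDR` is assumed to stand in for `no_addr` (255.255.255.255).

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified dst ACL entry: network and mask in host byte order. */
struct dst_acl { uint32_t net; uint32_t mask; };

#define NO_ADDR 0xFFFFFFFFu /* 255.255.255.255, assumed stand-in for no_addr */

static int ip_in_acl(const struct dst_acl *a, uint32_t ip) {
    return (ip & a->mask) == (a->net & a->mask);
}

/* resolved == 0 models a hostname that could not be resolved.
 * patched == 0: an unresolved destination is matched as NO_ADDR.
 * patched == 1: an unresolved destination never matches ("return 0"). */
static int dst_match(const struct dst_acl *a, int resolved, uint32_t ip,
                     int patched) {
    if (resolved)
        return ip_in_acl(a, ip);
    return patched ? 0 : ip_in_acl(a, NO_ADDR);
}

static const struct dst_acl all_destinations = { 0x00000000u, 0x00000000u }; /* 0.0.0.0/0 */
static const struct dst_acl reserved_net = { 0xF0000000u, 0xF0000000u };     /* 240.0.0.0/4 */

/* Models "http_access deny !all_destinations": 1 when that rule fires. */
static int denied_as_invalid_host(int resolved, uint32_t ip, int patched) {
    return !dst_match(&all_destinations, resolved, ip, patched);
}

int main(void) {
    const uint32_t typed_ip = 0xFFFFFFFFu; /* client entered 255.255.255.255 */
    for (int patched = 0; patched <= 1; patched++) {
        printf("patched=%d\n", patched);
        printf("  unresolved host: 240/4 match=%d, invalid-host deny=%d\n",
               dst_match(&reserved_net, 0, 0, patched),
               denied_as_invalid_host(0, 0, patched));
        printf("  literal IP:      240/4 match=%d, invalid-host deny=%d\n",
               dst_match(&reserved_net, 1, typed_ip, patched),
               denied_as_invalid_host(1, typed_ip, patched));
    }
    return 0;
}
```

With `patched` set, only the unresolved host triggers the `!all_destinations` rule, while the explicitly entered address still falls under the 240.0.0.0/4 match, so the two cases can be given different error messages.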