> On Mon, 12 Sep 2005, Matus UHLAR - fantomas wrote: > > >however, currently I'm not able to differ if someone entered an this IP (or > >hostname pointing to this IP) or an invalid hostname, and give people > >different error messages. On 14.09 01:30, Henrik Nordstrom wrote: > The first (explicitly entered) can be matched using dstdomain in > 2.5.STABLE10. actually yes, but I consider this as workaround. I also filled a bug according to your next mail (and my original request too): http://www.squid-cache.org/bugs/show_bug.cgi?id=1394 > >I probably could make an exemption in denying 240.0.0.0/4 or allow > >accessing 255.255.255.255, but I found this sick... > > Removing the use of 255.255.255.255 from he dst acl is trivial. In acl.c > look for ACL_DST_IP in aclMatchAcl, and at the end of it's block replace > > return aclMatchIp(&ae->data, no_addr); > > with simply > > return 0; > > this will make dst acls always false if the destination IP can not be > resolved (there is no IP to match the acl against, so it can't be true..) Thanks, I think I'll patch the squid manually now. > Then to match invalid hosts you can use > > acl all_destinations dst 0.0.0.0/0 > http_access deny !all_destinations good to know, when I'll set up multilanguage error messages :) -- Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm
