From: Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx>
> 1. I would like to create a list of either domains, sites and/or IP
> addresses that would be used to restrict the use of CONNECT to just
> sites/URL's contained in this list.
Perfect fit for a dstdomain acl, maybe combined with a dst acl if by IP
you mean actual IPs, not just IPs entered as part of the URL.
So, add this?
cat /home/squid/etc/allowed-connect-SITES
10.122.12.212
www.allowed-to-here.com
192.168.111.12
acl allowed-CONNECT dstdomain -i "/home/squid/etc/allowed-connect-SITES"
method CONNECT
# or
# acl allowed-CONNECT dstdomain -i "/home/squid/etc/allowed-connect-SITES"
http_access deny CONNECT !allowed-CONNECT
I've made the acl above with a "-i" because the URL, which would contain
either an IP address or domain, *may* only be a prt of the entire URL as the
user gets deeper into the website.
Finally, I am only guessing that -i works with dstdomain :-)
.vp
