prevent access to private ips


hi,

we want to block access to urls containing private ips like

	http://172.20.1.50


local-lan -> "internet-squid" -> firewall -> squid-dmz

we want or have to block access on "internet-squid". this squid will
then forward all the queries to proxy "squid-dmz", which is connected to
the internet. only squid-dmz can or should do dns-lookups.

our acl rules on "internet-squid":

file dst_privateip	
	# class A, 10.0.0.0/8
	# class B, 172.16.0.0/12
	# class C, 192.168.0.0/16
	10.0.0.0/255.0.0.0
	172.16.0.0/255.240.0.0
	192.168.0.0/255.255.0.0

squid.conf
	acl dst_privateip dst "dst_privateip"
	http_access deny all dst_privateip


problem is that "internet-squid" will do dns-lookups with "dst". our
internal dns-server doesn't know any addresses from the internet. so there
are way too many queries.

how can we prevent access to those urls? which is the best way to write the
acl? url_regex? is there any chance to have a dst acl without
dns-lookups?

markus
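
The url_regex route the post asks about, as an added example (not part of the original message and not Squid project code): Python that builds POSIX-extended patterns for literal RFC 1918 hosts and cross-checks them against the `ipaddress` module on constructed URLs. The file name `url_privateip` and the squid.conf lines in the comments are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# The three networks from the post's dst_privateip file.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Patterns for a url_regex ACL file (POSIX extended syntax, also valid for re).
# Assumed squid.conf usage, with a hypothetical file name:
#   acl url_privateip url_regex -i "url_privateip"
#   http_access deny url_privateip
OCTET = r"(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])"
HEAD = r"^[a-z][a-z0-9+.-]*://([^/@]*@)?"   # scheme and optional userinfo
TAIL = r"(:[0-9]+)?(/|\?|$)"                # host must end here
PATTERNS = [
    HEAD + r"10\." + OCTET + r"\." + OCTET + r"\." + OCTET + TAIL,
    HEAD + r"172\.(1[6-9]|2[0-9]|3[01])\." + OCTET + r"\." + OCTET + TAIL,
    HEAD + r"192\.168\." + OCTET + r"\." + OCTET + TAIL,
]

def url_is_blocked(url):
    """True if any pattern matches the URL text; no DNS lookup happens."""
    return any(re.search(p, url, re.IGNORECASE) for p in PATTERNS)

def host_in_private_net(url):
    """Reference answer from ipaddress, used to cross-check the patterns."""
    try:
        addr = ipaddress.ip_address(urlsplit(url).hostname)
    except ValueError:
        return False  # host is a name, not an address literal
    return any(addr in net for net in PRIVATE_NETS)

# Constructed sample URLs; the first is the one quoted in the post.
SAMPLES = [
    "http://172.20.1.50", "http://10.1.2.3:8080/admin",
    "http://192.168.0.1/index.html", "http://user@172.31.255.254/",
    "http://172.15.0.1/", "http://172.32.0.1/", "http://192.169.1.1/",
    "http://110.0.0.1/", "http://10.0.0.1.example.com/",
    "http://example.com/?next=http://10.0.0.1/",
]

def check_samples():
    return [(u, url_is_blocked(u), host_in_private_net(u)) for u in SAMPLES]

if __name__ == "__main__":
    print("\n".join(PATTERNS))
    for url, blocked, expected in check_samples():
        print("DENY " if blocked else "allow", url, "ipaddress:", expected)
```

The patterns match only dotted-decimal address literals in the URL text; a hostname that resolves to a private address is not caught, since nothing is resolved.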

