From: Emilio Casbas <ecasbas@xxxxxxx>
Vadim Pushkin escribió:
Hello;
I have an ACL which contains IP addresses that I want to allow outbound
requests to.
acl allowed_IPs dstdomain "/net/squid/allowed-IP-Dests"
I have another ACL which is intended to capture all destinations which use
an IP address versus FQDN, which one of these two is correct for this
purpose?
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
or
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
Finally, I want to deny all outbound requests to ACL numeric IP's (IP
addresses only), *unless* the requested IP address is contained in my ACL
"allowed_IPs".
Would the below work for this?
http_access deny CONNECT numeric_IPs !allowed_IPs
If you are going to use in CONNECT you have to use dstdom_regex.
CONNECT only have hostname and port.
Emilio C.
So, replace
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
with
acl numeric_IPs dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
and
will this work?
http_access deny CONNECT numeric_IPs !allowed_IPs
