Search squid archive

Re: ACL and http_access Confusion

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



From: Emilio Casbas <ecasbas@xxxxxxx>

Vadim Pushkin escribió:
Hello;

I have an ACL which contains IP addresses that I want to allow outbound requests to.

acl allowed_IPs dstdomain "/net/squid/allowed-IP-Dests"

I have another ACL which is intended to capture all destinations which use an IP address versus FQDN, which one of these two is correct for this purpose?

acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
or
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

Finally, I want to deny all outbound requests to ACL numeric IP's (IP addresses only), *unless* the requested IP address is contained in my ACL "allowed_IPs".

Would the below work for this?

http_access deny CONNECT numeric_IPs !allowed_IPs


If you are going to use in CONNECT you have to use dstdom_regex.
CONNECT only have hostname and port.

Emilio C.

So, replace

acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

with

acl numeric_IPs dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

and

will this work?

http_access deny CONNECT numeric_IPs !allowed_IPs



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux