Vadim Pushkin wrote:
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
>>From: Chris Robertson <crobertson@xxxxxxx>
>
>>> > Hello All;
>>> >
>>> > I have a rule which blocks the use of CONNECT based on the
>>> > user calling an IP address vs. FQDN, this works great!
>>> >
>>> > I am able to specify allowed IP addresses by adding them into
>>> > /squid/etc/allow-ip-addresses.

dstdomain matches against the requested hostname. As text. So that acl matches only if the client requests with an IP where it should have a hostname (ie CONNECT 10.0.0.0:443 HTTP/1.1)

Precisely what I am trying to do, stop CONNECT to requests which use an IP vs a hostname.
Let me see if I have this straight... You want to block CONNECT to IP address, except those that are explicitly allowed, but allow CONNECT to any FQDN. Is this correct?
Chris
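
Added example, not part of the original thread and not Squid's own ACL code: a small Python model of the policy as Chris restates it (deny CONNECT to an IP literal unless it is on the allow list, allow CONNECT to any hostname), useful for checking sample request lines before deploying a rule. The function names and the sample allow-list entries are assumptions constructed for illustration; it also handles bracketed IPv6 targets, which the thread does not discuss.

```python
import ipaddress

def load_allowlist(lines):
    """Parse allow-list lines (one IP per line, '#' starts a comment)."""
    allowed = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            allowed.add(ipaddress.ip_address(entry))
    return allowed

def split_authority(target):
    """Split a CONNECT target 'host:port' or '[v6addr]:port' into (host, port)."""
    if target.startswith("["):
        host, closed, rest = target[1:].partition("]")
        if not closed or not rest.startswith(":"):
            raise ValueError("malformed bracketed target")
        port = rest[1:]
    else:
        host, sep, port = target.rpartition(":")
        if not sep:
            raise ValueError("missing port")
    if not host or not port.isdigit():
        raise ValueError("malformed target")
    return host, int(port)

def decide(request_line, allowed):
    """Return 'allow', 'deny' or 'not-connect' for one HTTP request line."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "CONNECT":
        return "not-connect"          # policy only covers CONNECT
    try:
        host, _port = split_authority(parts[1])
    except ValueError:
        return "deny"                 # malformed target: fail closed
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "allow"                # not an IP literal, so a hostname
    return "allow" if ip in allowed else "deny"

# Constructed sample allow list (documentation address ranges).
SAMPLE_ALLOWLIST = load_allowlist([
    "# constructed sample entries",
    "192.0.2.10",
    "2001:db8::5   # IPv6 entry",
])

if __name__ == "__main__":
    for line in ("CONNECT 10.0.0.0:443 HTTP/1.1",
                 "CONNECT 192.0.2.10:443 HTTP/1.1",
                 "CONNECT www.example.com:443 HTTP/1.1"):
        print(decide(line, SAMPLE_ALLOWLIST), line)
```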