Search squid archive

Re: Can ANyone Help Me Re: [squid-users] ACL Question - (urlpath_r

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



yes, for now, because I see no reason that they should be allowed. The FQDN ones are a nightmare to maintain, it seems every webmail, banking site, etc wants it.

.vp


From: Chris Robertson <crobertson@xxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Can ANyone Help Me Re: [squid-users] ACL Question - (urlpath_r
Date: Thu, 25 Oct 2007 13:57:49 -0800

Vadim Pushkin wrote:


From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>

>>From: Chris Robertson <crobertson@xxxxxxx>
>
>>> > Hello All;
>>> >
>>> > I have a rule which blocks the use of CONNECT based on the
>>> > user calling an IP address vs. FQDN, this works great!
>>> >
>>> > I am able to specify allowed IP addresses by adding them into
>>> > /squid/etc/allow-ip-addresses.

dtsdomain matches against the requested hostname. As text.
 So that acl matches only if the client requests with an IP where it
should have a hostname (ie CONNECT 10.0.0.0:443 HTTP/1.1)

Precisely what I am trying to do, stop CONNECT to requests which use an IP vs a hostname.


Let me see if I have this straight... You want to block CONNECT to IP address, except those that are explicitly allowed, but allow CONNECT to any FQDN. Is this correct?

Chris



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux