yes, for now, because I see no reason that they should be allowed. The FQDN
ones are a nightmare to maintain, it seems every webmail, banking site, etc
wants it.
.vp
From: Chris Robertson <crobertson@xxxxxxx>
To: squid-users@xxxxxxxxxxxxxxx
Subject: Re: Can ANyone Help Me Re: [squid-users] ACL
Question - (urlpath_r
Date: Thu, 25 Oct 2007 13:57:49 -0800
Vadim Pushkin wrote:
From: "Amos Jeffries" <squid3@xxxxxxxxxxxxx>
>>From: Chris Robertson <crobertson@xxxxxxx>
>
>>> > Hello All;
>>> >
>>> > I have a rule which blocks the use of CONNECT based on the
>>> > user calling an IP address vs. FQDN, this works great!
>>> >
>>> > I am able to specify allowed IP addresses by adding them into
>>> > /squid/etc/allow-ip-addresses.
dtsdomain matches against the requested hostname. As text.
So that acl matches only if the client requests with an IP where it
should have a hostname (ie CONNECT 10.0.0.0:443 HTTP/1.1)
Precisely what I am trying to do, stop CONNECT to requests which use an IP
vs a hostname.
Let me see if I have this straight... You want to block CONNECT to IP
address, except those that are explicitly allowed, but allow CONNECT to any
FQDN. Is this correct?
Chris
