> > Squid can handle these by itself. With a regular "squid -k reconfigure" > after updating the files. > > For the list of pure hostnames a "dstdomain" acl is the best. > For the list of URI snippets a "urlpath_regex" acl probably with "-i" is > needed. > > If the domain/ip file is an pruned version of the domains with URI > entries, then the URI may not be useful as its all caught by the domain. > If they are different then yes both have a use. > > Amos > > [Tom replied with:] Amos, would you then recommend that the domain acl be listed before the url acl? That would block by domain if a url included an entry in the domain list - if that's the desired result, thus avoiding the expensive (resource wise) urlpath_regex lookup. I guess it would all depend on the desired results but something that should be considered when implementing acls. Thomas J. Raef e-Based Security, LLC www.ebasedsecurity.com 1-866-838-6108 "You're either hardened, or you're hacked!"
