On Thu, Jul 31, 2008 at 07:16:19AM -0700, mesartwell wrote:
> I just set up a squid proxy server and have blocked all web access
> except for a whitelist of acceptable sites. On the whitelist I
> have .gov, which I intended to allow users to get to all sites
> ending in .gov. However this gives access to unintended sites,
> like 'www.screwthegovernment.com'. Is it possible to specify that
> .gov must be the top level domain? Thanks.

How did you implement your whitelist? The "dstdomain" ACL is intended for matching domains and does what you want. For all domains ending in .gov, the correct entry is:

.gov

The leading "." indicates that subdomains are also acceptable; without it, only the specified domain name is okay. For example, "dstdomain whitehouse.gov" would allow access to http://whitehouse.gov, but not http://www.whitehouse.gov.
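
The difference between the two matching styles, as an added example that is not part of the original thread and not Squid's own code. It assumes the original whitelist was an unanchored regex-type ACL (the post does not say how it was implemented); `dstdomain_match` is a simplified model of the dstdomain rule described in the reply, and all host names are constructed samples.

```python
import re

def dstdomain_match(host, entry):
    """Simplified model of dstdomain matching (an assumption, not Squid code).

    A leading '.' accepts the domain itself and any subdomain;
    without it, only the exact host name is accepted.
    """
    host = host.lower().rstrip(".")
    entry = entry.lower()
    if entry.startswith("."):
        # Suffix match must fall on a label boundary: the '.' is literal.
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def unanchored_regex_match(url, pattern):
    """Regex search anywhere in the URL; here '.' means 'any character'."""
    return re.search(pattern, url, re.IGNORECASE) is not None

# Constructed sample hosts for illustration.
SAMPLES = [
    "www.whitehouse.gov",
    "whitehouse.gov",
    "www.screwthegovernment.com",
    "example.gov.evil.test",
    "www.example.com",
]

def compare(hosts, entry=".gov"):
    """Return (host, allowed_by_regex, allowed_by_dstdomain) per host."""
    rows = []
    for host in hosts:
        url = "http://%s/" % host
        rows.append((host,
                     unanchored_regex_match(url, entry),
                     dstdomain_match(host, entry)))
    return rows

if __name__ == "__main__":
    print("%-30s %-8s %s" % ("host", "regex", "dstdomain"))
    for host, loose, strict in compare(SAMPLES):
        print("%-30s %-8s %s" % (host, loose, strict))
```

Hosts where the two columns disagree are the ones an unanchored pattern lets through unintentionally.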