Thanks guys. Got this issue resolved. I previously was using the 'url_regex' acl method. I switched over to 'dstdomain' and added a '.' in front of every item on the whitelist. Works like a charm. Michael Alger-3 wrote: > > On Thu, Jul 31, 2008 at 07:16:19AM -0700, mesartwell wrote: >> I just setup a squid proxy server and have blocked all web access >> except for a whitelist of acceptable sites. On the whitelist I >> have .gov, which I intended to allow users to get to all sites >> ending in .gov. However this gives access to unintended sites, >> like 'www.screwthegovernment.com'. Is it possible to specify that >> .gov must be the top level domain? Thanks. > > How did your implement your whitelist? The "dstdomain" ACL is > intended for matching domains and does what you want. > > For all domains ending in .gov, the correct entry is: .gov > > The leading "." indicates that subdomains are also acceptable; > without it, only the specified domain name is okay. For example, > "dstdomain whitehouse.gov" would allow access to > http://whitehouse.gov, but not http://www.whitehouse.gov. > > -- View this message in context: http://www.nabble.com/Allow-all-%27.gov%27-sites-tp18755615p18759110.html Sent from the Squid - Users mailing list archive at Nabble.com.
