On 27/07/10 7:32 AM, "Mellem, Dan" <Dan.Mellem@xxxxxxxxxxxxxxxx> wrote: > Instead of dstdomain, you could use a regular expression. You could use a > pattern like: > > ^(www\.)?(google\.com?(\...)?) > > Which would catch: > google.co > google.com > google.co.XX where XX is any two characters > google.com.XX "" "" > (with and without www.) This would only "optionally" block www.google.com and any subs, but there are heaps of sub domains associated with google. Henrick's solution is still the cleanest. Of course, just blocking it on a CONNET method should also work. acl CONNECT method CONNECT acl google dstdomain .google.com http_access deny CONNECT google Not sure how much different that is from Henricks solution but if (for some unknown reason) google opened port 443 as non-ssl, had a legit site that wasn't encrypted, and you had 443 in your safe-port list, then this method "should" still work cleanly. Scott This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Please notify the sender immediately by email if you have received this email by mistake and delete this email from your system. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the organisation. Finally, the recipient should check this email and any attachments for the presence of viruses. The organisation accepts no liability for any damage caused by any virus transmitted by this email.
