On Tue, 10 Aug 2010 16:26:07 +0200, Barry Irwin <bvi@xxxxxxxxxxxxxx> wrote: > On 10/08/2010 11:34, John Doe wrote: >> From: Scott Keith (NHS National Services Scotland) <keith@xxxxxxx> >> >> >>> Hi, I've been trying to find out if it's possible to get squid to deny >>> access >>> to websites via an IP in the URL. I've had a fairly good Google around >>> o= n how >>> to do this but I just keep finding out about blocking access to a sin= >>> gle IP >>> whereas I just want to block access all websites via IP addresses. >>> I know a solution to this can be implemented via ufbdguard and >>> probably >>> squidguard but I am only looking for a squid only solution just now. >>> >> You could do it with an external acl. >> But I am wondering if you could also use something like: >> acl notanip dstdom_regex [^0-9\.] >> Not sure if dstdom works on IPs... >> > > The following should work > > > #stuff we need for trapping Skype connects > acl numericIp urlpath_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ Matches an IP anywhere in the *path* portion. ie http://example.com/192.168.255.255 NP: there is no path portion for CONNECT requests only a destination domain and port. I'm very surprised this works for you. Perhapse you actually have the dstdom_regex or the url_regex. Amos
