Am 27.10.2010 12:10, schrieb Amos Jeffries:
What you need to take away from this is that 1) where possible add whole domains and sets of sub-domains to "A" the first ACL. and 2) always make sure that your second "B" and regex ACL are matched. New rules into the regex need to be checked that the domain(s)the match are in the "B" list.
The problem with 'dstdomain' is, that the exact name must match. Because most sites are available by their domain name and 'www.domainname', I need at least two entries for every domain. A lot of domains bring other subdomains that should also be blocked. That was the reason we used url_regex.
Is there a way to specify something like '*facebook.com'? Otherwise, i'm not sure if dstdomain is the right option for our needs.
Marc