On 3/06/2013 8:51 a.m., joel123 wrote:
> On my network, I've got IM clients and games that connect to numeric IPs.
> I use a rule to always allow a specific network to connect to numeric IPs:
> acl ipdomain url_regex ^[^:]*://([^/@]*@)?[0-9\.]*(:|/|$|\?) ^[0-9\.]*$
> http_access allow limited_net ipdomain
> But these clients also make CONNECT requests to these numeric IPs at port 80
> and 443.
> I can control CONNECT with
> http_access deny CONNECT !CONNECT_ports
> but how can I control CONNECT for a specific network?
> i.e.:
> http_access allow connect_allowed_net CONNECT CONNECT_ports
Yes, exactly like your example.
Have you read the FAQ yet where it explains how access controls work?
http://wiki.squid-cache.org/SquidFaq/SquidAcl
> Ultimately, can I say, allow limited_net to make CONNECT requests to
> specific PORTs to numeric IPs.
> something like:
> http_access allow limited_net CONNECT CONNECT_ports
> Any way to achieve that?
Yes. Exactly as you wrote above.
However, where you place that in your config file matters. The
http_access controls are an order-dependent sequence of security
permissions tested for the request. The documentation of how they work
under the "Access Lists" section of the wiki FAQ article I linked to
explains all that.
Amos
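A squid.conf fragment, added here as an illustration and not part of the thread, that puts the rules discussed above into a working first-match order; the limited_net address range and the port list behind CONNECT_ports are placeholders, not values from the thread:

```squid
# Added example, not from the thread. Squid evaluates http_access lines
# top to bottom and the first matching line decides; if no line matches,
# the opposite of the last line's action is applied.

# Placeholder range; replace with the real network for limited_net.
acl limited_net src 192.0.2.0/24

# CONNECT requests (this acl is predefined in the default squid.conf).
acl CONNECT method CONNECT

# Ports that limited_net may tunnel to with CONNECT (assumed list).
acl CONNECT_ports port 80 443

# Numeric-IP destinations, exactly as posted in the thread.
acl ipdomain url_regex ^[^:]*://([^/@]*@)?[0-9\.]*(:|/|$|\?) ^[0-9\.]*$

# Deny first: CONNECT to anything outside CONNECT_ports is refused for
# every client, before any later allow line gets a chance to match.
http_access deny CONNECT !CONNECT_ports

# Only limited_net may CONNECT, and only to CONNECT_ports.
http_access allow limited_net CONNECT CONNECT_ports

# Plain (non-CONNECT) requests from limited_net to numeric IPs.
http_access allow limited_net ipdomain

# Anything not explicitly allowed above is refused.
http_access deny all
```

Swapping the two CONNECT lines would not change the outcome here, but moving the deny below a broader allow for limited_net (for example "http_access allow limited_net") would let that network CONNECT to any port, which is why the restrictive line belongs first.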