Re: configuring acl for blocking (URLs and IPs/Subnets)

Thanks Amos.

For handling subnets, do I need to create a separate ACL, or can it be
clubbed in the list of IPs?

acl aclname dst [-n] ip-address/mask
OR

acl aclname dst "subnets_file"

The documentation http://www.squid-cache.org/Doc/config/acl/ mentions
that this is a slow acl.
How does this work actually? Is it so that for each request, a DNS
query is done and matched against this acl?

Regards

On Tue, Oct 15, 2013 at 9:44 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 15/10/2013 4:59 p.m., Sachin Gupta wrote:
>>
>> Hi All,
>>
>> I have set up a list of URLs and IPs dumped into a file which need to
>> be blocked.
>> The acl is set up as per documentation:
>
>
> ??
>
>
>> However, upon testing, the IPs are not getting blocked. Also there are
>> some subnets in the same file. Those are also not getting blocked.
>>
>> Is there a special handling required here? or this approach is
>> incorrect for blocking IPs or subnets?
>
>
> Based on the description I guess you have one file with a mix of things to
> block on.
> You need the file to be separated into different sets of properties.
>
> For example:
>  * one list of IPs
>  * one list of domains
>  * one list of full-URL regex patterns
>  * one list of path-only regex patterns
>
> Each set needs to be configured as a different ACL name and type defining
> what property of the transaction is to be tested against the values listed in
> that set.
> Then the http_access controls designed to test the ACLs and determine
> whether it gets allowed/denied when the ACL matches.
>
> More details can be found at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
>
> Amos
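
The split described in the reply above, as an added example that is not part of the original thread or of Squid itself: it sorts a mixed blocklist into one set per ACL type and emits the matching `acl` and `http_access deny` lines. Single IPs and CIDR subnets both go into the `dst` set. The sample entries, the `block_*` ACL names, the `/etc/squid/blocklists` directory and the rule used to tell the two regex kinds apart are assumptions.

```python
import ipaddress

# Constructed sample of a mixed blocklist (documentation address ranges only).
SAMPLE = """\
# one entry per line, all kinds mixed together
192.0.2.15
198.51.100.0/24
2001:db8::/32
ads.example.com
.tracker.example.net
http://example.org/banner/.*
/popup/.*\\.js$
"""

def classify(entry):
    """Return the Squid ACL type able to match this entry."""
    try:
        # Accepts single addresses and CIDR subnets, IPv4 or IPv6.
        ipaddress.ip_network(entry, strict=False)
        return "dst"
    except ValueError:
        pass
    # Assumed convention: a leading "/" marks a path-only pattern,
    # a scheme marks a full-URL pattern, anything else is a domain.
    if entry.startswith("/"):
        return "urlpath_regex"
    if "://" in entry:
        return "url_regex"
    return "dstdomain"

def split_blocklist(text):
    """Group non-comment entries by ACL type, keeping their order."""
    sets = {"dst": [], "dstdomain": [], "url_regex": [], "urlpath_regex": []}
    for line in text.splitlines():
        entry = line.strip()
        if entry and not entry.startswith("#"):
            sets[classify(entry)].append(entry)
    return sets

def squid_conf(sets, directory="/etc/squid/blocklists"):
    """One acl line per non-empty set, then one deny rule per ACL."""
    names = [t for t, values in sets.items() if values]
    acls = [f'acl block_{t} {t} "{directory}/{t}.txt"' for t in names]
    denies = [f"http_access deny block_{t}" for t in names]
    return "\n".join(acls + denies)

if __name__ == "__main__":
    print(squid_conf(split_blocklist(SAMPLE)))
```

Each set still has to be written to the file named in its `acl` line, and the deny rules must appear before any `http_access allow` rule that would otherwise match the request.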