Search squid archive

Re: configuring acl for blocking (URLs and IPs/Subnets)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



It cant be asked to read from a file?
acl aclname dst "subnets_file"

with subnets_file having entries like:
192.0.2.192/27
...
...
...

Wont this work?

Regards

On Tue, Oct 15, 2013 at 1:45 PM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> On 15/10/2013 8:28 p.m., Sachin Gupta wrote:
>>
>> Thanks Amos.
>>
>> For handling subnets, do i need to create a separate ACL? or it can be
>> clubbed in the list of IPs?
>>
>> acl aclname dst [-n] ip-address/mask
>> OR
>>
>> acl aclname dst "subnets_file"
>
>
> The format is start-finish/mask. With finish and mask both being optional.
> So...
>
> acl foo dst 192.0.2.1
> acl foo dst 192.0.2.20-192.0.2.24
> acl foo dst 192.0.2.128-192.0.2.192/25
> acl foo dst 192.0.2.192/27
>
> are all valid entries. As are any IPv6 addresses in the same format.
>
>
>> The documentation http://www.squid-cache.org/Doc/config/acl/ mentions
>> that this is a slow acl.
>> How does this work actually? Is it so that for each request, a dns
>> query is done and matched against this acl?
>
>
> Yes. Exactly that reason.
>
> Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux