On 7/12/2015 7:38 a.m., Walter H. wrote: > On 06.12.2015 11:07, Yuri Voinov wrote: >> # Numeric IP's acl >> acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ >> >> # Deny access to numeric IP's >> http_access deny CONNECT numeric_IPs >> deny_info TCP_RESET numeric_IPs >> > and not to forget IPv6 ... > > acl numeric_IPs_ipv4 dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ > > acl numeric_IPs_ipv6 dstdom_regex ([0-9A-Fa-f]+|\:)+[0-9A-Fa-f]+ > > http_access deny CONNECT numeric_IPs_ipv4 > deny_info TCP_RESET numeric_IPs_ipv4 > > http_access deny CONNECT numeric_IPs_ipv6 > deny_info TCP_RESET numeric_IPs_ipv6 OR IPv4-mapped address format, OR that port can be included, OR the fact that raw-IP can be used on any request.. acl ips ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|[0-9\.]+)?\]))(:[0-9])?$ http_access deny CONNECT ips deny_info TCP_RESET ips Getting complicated... So xxiao8, why does one want to censor these requests anyway? Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
