Search squid archive

Re: squid 3.4, dstdomain

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/12/2015 11:02 p.m., Massimo.Sala wrote:
> 2015/12/10 10:33:49| ERROR: '.addons.mozilla.org' is a subdomain of 
> 'addons.mozilla.org'
> 
> 
> I thought
>         addons.mozilla.org              blocks only these hostname


ACLs do not block anything. Access Controls do.

This value tells Squid that addons.mozilla.org is an exact-match. Any
sub-domain is to be a non-match.


> 
>         .addons.mozilla.org             blocks all the sub-domains, like 
> www.addons.mozilla.org etc.addons.mozilla.org


This one tells Squid that "addons.mozilla.org" and *all* sub-domains are
to match true.


> 
> Which are the parsing rules of squid 3.4 ?

Each entry in the dstdomain ACL must be a unique and distinct match. The
two ranges of possible domain names above overlap.


Squid uses splay trees internally. So when there are two overlapping
entries, which one will be found and tested against will change randomly
based on how other things affect the splay. Which will cause random
rejections for the *.addons.mozilla.org sub-domains.

Thus having both is a problem. Which way around you place them in the
list of ACL values determins whether Squid can drop one (and just warn)
or not (the error).

Amos

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux