On 29/02/20 2:26 am, Andrea Venturoli wrote:
> Hello.
>
> In some corporate environment it might be desirable to have all
> clients use the internal DNS.
> This is easily done with firewalls until DNS-over-HTTP comes into play.
>
> How does Squid deal with this?

DoH is just HTTP messages like any other. Squid handles them the same way.

> How to block it?

With ACLs that identify the relevant messages:

 acl dns-query-url urlpath_regex ^/dns-query\??
 acl dns-req-message req_header Content-Type ^application/dns-message$
 acl doh_request any-of dns-query-url dns-req-message

 acl doh_reply rep_header Content-Type ^application/dns-message$

Amos
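An added example, not part of the original post and not Squid code: a Python model of the ACLs above, run over constructed transactions to show which ACL matches each DoH request form. It assumes Squid sees the decrypted request and reply (for HTTPS, SSL-Bump) and that urlpath_regex is tested against path plus query string; all hostnames, paths and sample values are made up.

```python
import re
from urllib.parse import urlsplit

# Regexes copied from the ACL definitions in the post.
DNS_QUERY_URL = re.compile(r"^/dns-query\??")           # urlpath_regex
DNS_MESSAGE = re.compile(r"^application/dns-message$")  # req_header / rep_header

def url_path(url):
    """Path plus query string (assumed to be what urlpath_regex is tested against)."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")

def doh_request(url, req_headers):
    """acl doh_request any-of dns-query-url dns-req-message"""
    by_url = DNS_QUERY_URL.search(url_path(url)) is not None
    by_type = DNS_MESSAGE.search(req_headers.get("Content-Type", "")) is not None
    return by_url or by_type

def doh_reply(rep_headers):
    """acl doh_reply rep_header Content-Type ^application/dns-message$"""
    return DNS_MESSAGE.search(rep_headers.get("Content-Type", "")) is not None

def classify(tx):
    """Names of the ACLs from the post that match one transaction."""
    hits = ["doh_request"] if doh_request(tx["url"], tx["req"]) else []
    return hits + (["doh_reply"] if doh_reply(tx["rep"]) else [])

DOH, HTML = {"Content-Type": "application/dns-message"}, {"Content-Type": "text/html"}
ACCEPT = {"Accept": "application/dns-message"}
# Constructed transactions; hostnames, paths and the dns= value are placeholders.
SAMPLES = {
    "get_standard_path": {"url": "https://doh.example.net/dns-query?dns=PLACEHOLDER", "req": ACCEPT, "rep": DOH},
    "post_standard_path": {"url": "https://doh.example.net/dns-query", "req": DOH, "rep": DOH},
    "post_other_path": {"url": "https://doh.example.net/resolve", "req": DOH, "rep": DOH},
    "get_other_path": {"url": "https://doh.example.net/resolve?dns=PLACEHOLDER", "req": ACCEPT, "rep": DOH},
    "ordinary_page": {"url": "https://www.example.net/index.html", "req": {}, "rep": HTML},
    # The URL regex is a prefix match, so unrelated paths starting with /dns-query also hit.
    "prefix_lookalike": {"url": "https://www.example.net/dns-query-help.html", "req": {}, "rep": HTML},
}

if __name__ == "__main__":
    for name, tx in SAMPLES.items():
        print(f"{name:20} {classify(tx) or 'no match'}")
```

In this model only doh_reply matches the GET form on a path other than /dns-query, so the reply ACL covers a case the request ACL does not.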