Search squid archive

Re: wildcard for numbers in url whitelisting

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



ok i finally realised for myself why it wasnt working, thanks so much Matus!!!

http_access allow activation - as this is at the top, allows all internet on ports 80 443, so the below is totally ignored
http_access allow whitelist
http_access allow whitelistreg
http_access deny all

http_access allow activation  whitelist - only allows ports above only AND to the certain websites on the whitelist
http_access allow activation  whitelistreg -  only allows ports above only AND to the certain websites on the whitelistreg
http_access deny all - denies all

thanks Amos aswell for pointing out the ssl server name wouldnt do regex

On Thu, 15 Jul 2021 at 15:13, robert k Wild <robertkwild@xxxxxxxxx> wrote:
this is all i have in my urlwhitereg file

\.vsb\.tawk\.to

so i will change it to the below?

\.vsb\.tawk\.to$

also before i made all the changes it was working ie when these lines

http_access allow activation whitelist

it was only allowing those ports and anything in the urlwhite list ie the non regex ssl one and everything else ie that wasnt in the whitelist it was blocking

On Thu, 15 Jul 2021 at 14:02, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx> wrote:
On 15.07.21 13:54, robert k Wild wrote:
>ok this hasnt worked, its allowing all the internet now ie urls

improper regular expressions probably.
Are you aware that regular expressions can match in the middle of string?
you will need to use $ at the end of line e.g.

\.com$

to match .com domains (which is also reason to avoid regexps when posssible)

>#HTTP_HTTPS whitelist websites
>acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"
>
>#HTTP_HTTPS whitelist websites regex
>acl whitelistreg ssl::server_name_regex
>"/usr/local/squid/etc/urlwhitereg.txt"

>http_access allow activation

this one should allow whole internet too.

the standard squid config contains ACLs Safe_ports and SSL_ports along with
directives to disallow using other ports, perhaps you should use those.

>http_access allow whitelist
>http_access allow whitelistreg
>http_access deny all
>
>On Thu, 15 Jul 2021 at 13:43, robert k Wild <robertkwild@xxxxxxxxx> wrote:
>
>> activation is an acl for ports, so
>>
>> acl activation port 80 443 8090 9251 # office adobe web
>>
>> On Thu, 15 Jul 2021 at 13:24, Matus UHLAR - fantomas <uhlar@xxxxxxxxxxx>
>> wrote:
>>
>>> On 15.07.21 13:08, robert k Wild wrote:
>>> >#HTTP_HTTPS whitelist websites
>>> >acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"
>>> >
>>> >#HTTP_HTTPS whitelist websites regex
>>> >#acl whitelistreg ssl::server_name_regex
>>> >"/usr/local/squid/etc/urlwhitereg.txt"
>>> >
>>>
>>> you must split those to two lines, as all ACLs must match for http_access
>>> line to match:
>>>
>>> http_access allow activation whitelist
>>> http_access allow activation whitelistreg
>>> http_access deny all
>>>
>>> I only can guess what "activation" means.
--
Matus UHLAR - fantomas, uhlar@xxxxxxxxxxx ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
"So does syphillis. Good thing we have penicillin." - Matthew Alton
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users


--
Regards,

Robert K Wild.


--
Regards,

Robert K Wild.
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux