Re: domain-based restrictions

From: Florian Lohoff <[email protected]>
Date: Thu, 18 Jul 1996 15:57:49 +0200 (MET DST)

Nigel Metheringham typed this originally:
> } >Nice, but I prefer this way:
> } >
> } >acl localnet .my.domain.com
> } >http_acces allow localnet
> } >
> } >so sorry it's not supported :(
> }
> } I think I agree with Alexander about this one, we (as a University) have
> } approx. 25 class 'C' nets, so I would have to list a lot of nets, whilst a
> } single 'acl domain' could cover all eventualities, even sub-domains.
>
> Can't you aggregate any of these C's?
>
> The problem is that 'acl domain' would require a reverse DNS lookup
> on each incoming request, and that can be painful speedwise for
> something like squid! I guess it could be coded in in a reasonably
> fast method but it would cost for all incoming requests (not just
> those in the mentioned domains).
>

Normally this wouldn be that painful as if you only allow your domain
to request you would have the DNS records for this domain also locally
so DNS request wont take seconds ....

Flo

-- 
Florian Lohoff, E-Mail flo@mini.gt.owl.de, MacOS, AmigaOS & Linux
Voice: +49-5241-340796  Data: +49-5241-3286/7/8/9 337180/1
Privates Internet Ostwestfalen-Lippe, Guetersloh - http://www.gt.owl.de
Received on Thu Jul 18 1996 - 06:59:37 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:37 MST