RE: [squid-users] acl to deny https url from one src addy

From: Chris Robertson <[email protected]>
Date: Mon, 29 Nov 2004 09:47:08 -0900

Are you sure the "bad" address is using the Squid server to connect to
Secure Sites? In any case, change the acl "badurl" to:

acl badurl dstdomain .bad.site

(note the leading period. Leave it off if you don't want to block
subdomains.) url_regex is CPU intensive.

Chris

-----Original Message-----
From: Steve Brown [mailto:sbrown@taz.qinetiq.com]
Sent: Friday, November 26, 2004 3:15 AM
To: squid-users@squid-cache.org
Subject: [squid-users] acl to deny https url from one src addy

Hi list,

What's the best way to stop a particular IP address from getting access
to a https url?

I've tried:

acl badurl url_regex ^https://bad.site/*
acl badaddy src 1.2.3.4/32
http_access deny badurl badaddy

and that works for plain http urls, but doesn't for httpS, presumably
because of the connect method bypassing the acl?

and adding
http_access deny CONNECT badurl badaddy

didn't fix it. Naturally I'm overlooking something?

Steve
Received on Mon Nov 29 2004 - 11:47:16 MST

This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:02 MST