Re: [squid-users] Can ANyone Help Me Re: [squid-users] ACL Question - (urlpath_r

From: Vadim Pushkin <[email protected]>
Date: Thu, 25 Oct 2007 21:12:43 -0400

yes, for now, because I see no reason that they should be allowed. The FQDN
ones are a nightmare to maintain, it seems every webmail, banking site, etc
wants it.

.vp

>From: Chris Robertson <crobertson@gci.net>
>To: squid-users@squid-cache.org
>Subject: Re: [squid-users] Can ANyone Help Me Re: [squid-users] ACL
>Question - (urlpath_r
>Date: Thu, 25 Oct 2007 13:57:49 -0800
>
>Vadim Pushkin wrote:
>>
>>
>>>From: "Amos Jeffries" <squid3@treenet.co.nz>
>>
>>> >>From: Chris Robertson <crobertson@gci.net>
>>> >
>>> >>> > Hello All;
>>> >>> >
>>> >>> > I have a rule which blocks the use of CONNECT based on the
>>> >>> > user calling an IP address vs. FQDN, this works great!
>>> >>> >
>>> >>> > I am able to specify allowed IP addresses by adding them into
>>> >>> > /squid/etc/allow-ip-addresses.
>>>
>>>dtsdomain matches against the requested hostname. As text.
>>> So that acl matches only if the client requests with an IP where it
>>>should have a hostname (ie CONNECT 10.0.0.0:443 HTTP/1.1)
>>
>>Precisely what I am trying to do, stop CONNECT to requests which use an IP
>>vs a hostname.
>
>
>Let me see if I have this straight... You want to block CONNECT to IP
>address, except those that are explicitly allowed, but allow CONNECT to any
>FQDN. Is this correct?
>
>Chris
Received on Thu Oct 25 2007 - 19:12:52 MDT

This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:02 MDT