On 10/22/2009 10:29 AM, Tim wrote: > On Wed, 2009-10-21 at 22:21 -0400, Mail Lists wrote: >> I believe i can avoid a large number of scans, if I can prevent >> http://[ip] from ever reaching the webserver. > > How many domains do you host? If it's not too many, take the opposite > approach: Have an allow list of your domains, and reject everything > else. >
I guess i wasn't clear - it doesnt work the way you expect. If you put in acl dstdomain my1.com my2.com Those domains are then allowed - but if someone hits the ip - squid cleverly reverses the IP to a domain - if the reversed domain is allowed by the rule then it is allowed.The same thing for dstdom_regex. Hence the original question. -- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
