Re: [squid-users] Squid white list

2022-07-14 Thread Amos Jeffries 

On 14/07/22 23:16, Ben Goz wrote:
Can you please recommend on a programmatic way to list all links in case 
that domain A links media also from domain B but I added manually only 
domain A?




For that you will need the list of domains to be in some dynamically 
generated database. Along with a content adaptation module (may or may 
not be available publicly) to parse and process all HTML going through 
the proxy that updates your database. Maybe also TLS decryption of 
traffic so it can be passed to the adapter.


You can in some situations check the Referer header URLs against your 
whitelist. But that is not available on TLS traffic, unpredictable 
whether Referer even arrives on non-TLS and can be easily forged by 
clients to bypass proxy rules.


HTH
Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid white list

2022-07-14 Thread Ben Goz 

By the help of God.

On 14/07/2022 12:10, Amos Jeffries wrote:

On 5/07/22 02:12, Ben Goz wrote:

By the help of God.

Hi,
I want to use squid access list to implement white list of group of 
urls.
If I want to while list domain example.com  and 
this website invokes http requests to
domain example-a.com  which is not included in 
my white list so squid denied this request,

which could break to page from example.com .

What is the recommended way to solve this problem without manually 
including all domains to white list?




So ... two different domain names (A and B) need to be added to a 
whitelist as separate entries. That does not sound like a problem to 
me, it is normal for any type of list to have an entry for each 
distinct thing listed.
Can you please recommend on a programmatic way to list all links in case 
that domain A links media also from domain B but I added manually only 
domain A?



If your problem is that there are *sub*-domains in a 
dstdomain/srcdomain list, use wildcard entries. That is done by 
omitting the subdomain label(s), leaving one entry starting a '.' like 
so:

  acl foo dstdomain .example.com

If your problem is actually that there is a pattern to domain names 
TLD portion then you might use regex. Almost all ACl types have a 
*_regex variant. Like so:

  acl foo dstdom_regex example(\-[a-z])?\.com$


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Re: [squid-users] Squid white list

2022-07-14 Thread Amos Jeffries 

On 5/07/22 02:12, Ben Goz wrote:

By the help of God.

Hi,
I want to use squid access list to implement white list of group of urls.
If I want to while list domain example.com  and this 
website invokes http requests to
domain example-a.com  which is not included in my 
white list so squid denied this request,

which could break to page from example.com .

What is the recommended way to solve this problem without manually 
including all domains to white list?




So ... two different domain names (A and B) need to be added to a 
whitelist as separate entries. That does not sound like a problem to me, 
it is normal for any type of list to have an entry for each distinct 
thing listed.



If your problem is that there are *sub*-domains in a dstdomain/srcdomain 
list, use wildcard entries. That is done by omitting the subdomain 
label(s), leaving one entry starting a '.' like so:

  acl foo dstdomain .example.com

If your problem is actually that there is a pattern to domain names TLD 
portion then you might use regex. Almost all ACl types have a *_regex 
variant. Like so:

  acl foo dstdom_regex example(\-[a-z])?\.com$


Amos
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

[squid-users] Squid white list

2022-07-04 Thread Ben Goz 
By the help of God.

Hi,
I want to use squid access list to implement white list of group of urls.
If I want to while list domain example.com and this website invokes http
requests to
domain example-a.com which is not included in my white list so squid denied
this request,
which could break to page from example.com.

What is the recommended way to solve this problem without manually
including all domains to white list?

Regards,
Ben
___
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users