RE: [squid-users] Blocking all IP sites
On Thu, 26 May 2005, squidrunner support wrote: If you use dstdom* acl, then squid will reverse lookup on that domain. You can use url_regex acl itself as, 2.5.STABLE10 and later allows matching of IP based hosts in dstdomain and dstdom_regex. Regards Henrik
RE: [squid-users] Blocking all IP sites
On Thu, 26 May 2005 [EMAIL PROTECTED] wrote: The problem is that it works when i am testing it with squidclient, but not in production. What does access.log say? Regards Henrik
RE: [squid-users] Blocking all IP sites
The problem is that it works when i am testing it with squidclient, but not in production. Please elaborate with sample logs? It will work. How it is differing from testing and production? == Best Regards, Squid Runner Support squidrunner_dev at yahoo dot com Web: http://geocities.com/squidrunner_dev/ Support: runnersupport at gmail dot com SquidRunner - An Automatic Squid Builder == __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: [squid-users] Blocking all IP sites
well If i am testing with squid-client, i've got 127.0.0.1 - - [27/May/2005:16:48:43 +0200] GET http://1.2.3.4 HTTP/1.0 403 1398 TCP_DENIED:NONE If i am testing from my browser, i've got x.x.x.x - - [27/May/2005:16:46:54 +0200] GET http://1.2.3.4/ HTTP/1.0 0 0 TCP_MISS:NONE For information, the request forwards through an internal proxies before being treated by the parent proxy --
RE: [squid-users] Blocking all IP sites
On Fri, 27 May 2005 [EMAIL PROTECTED] wrote: If i am testing with squid-client, i've got 127.0.0.1 - - [27/May/2005:16:48:43 +0200] GET http://1.2.3.4 HTTP/1.0 403 1398 TCP_DENIED:NONE If i am testing from my browser, i've got x.x.x.x - - [27/May/2005:16:46:54 +0200] GET http://1.2.3.4/ HTTP/1.0 0 0 TCP_MISS:NONE For information, the request forwards through an internal proxies before being treated by the parent proxy What does your http_access rules look like? Regards Henrik
RE: [squid-users] Blocking all IP sites
Hello to all,
i've tried the two acls you've proposed, without succes at the moment.
#acl ip_sites url_regex ^http://[^/]\.[0.9]+(/|$)
and
acl ip_sites dstdom_regex ip_based
^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
http_access deny ip_sites
Is there something I've missed ?
--
RE: [squid-users] Blocking all IP sites
#acl ip_sites url_regex ^http://[^/]\.[0.9]+(/|$)
and
acl ip_sites dstdom_regex ip_based
^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
http_access deny ip_sites
If you use dstdom* acl, then squid will reverse lookup
on that domain. You can use url_regex acl itself as,
acl ip_sites url_regex
^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/
hth.
==
Best Regards,
Squid Runner Support
squidrunner_dev at yahoo dot com
Web: http://geocities.com/squidrunner_dev/
Support: runnersupport at gmail dot com
SquidRunner - An Automatic Squid Builder
==
__
Do you Yahoo!?
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/
RE: [squid-users] Blocking all IP sites
Thank you.
i've tried also the url_regex.
The problem is that it works when i am testing it with squidclient,
but not in production.
Thanks in advance for your support
#acl ip_sites url_regex ^http://[^/]\.[0.9]+(/|$)
and
acl ip_sites dstdom_regex ip_based
^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
http_access deny ip_sites
If you use dstdom* acl, then squid will reverse lookup
on that domain. You can use url_regex acl itself as,
acl ip_sites url_regex
^http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/
hth.
==
Best Regards,
Squid Runner Support
squidrunner_dev at yahoo dot com
Web: http://geocities.com/squidrunner_dev/
Support: runnersupport at gmail dot com
SquidRunner - An Automatic Squid Builder
==
__
Do you Yahoo!?
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/
--
[squid-users] Blocking all IP sites
Can you guide me how to block all dest IP based sites (no domain name), while name based requests are still allowed? They make my box overloaded and too much flood. Thank you. Winn
RE: [squid-users] Blocking all IP sites
Hi Winn url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* regards Mukunthd -Original Message- From: Winn Rama [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 10, 2005 2:06 PM To: squid-users@squid-cache.org Subject: [squid-users] Blocking all IP sites Can you guide me how to block all dest IP based sites (no domain name), while name based requests are still allowed? They make my box overloaded and too much flood. Thank you. Winn *** This message is proprietary to Future Software Limited (FSL) and is intended solely for the use of the individual to whom it is addressed. It may contain privileged or confidential information and should not be circulated or used for any purpose other than for what it is intended. If you have received this message in error, please notify the originator immediately. If you are not the intended recipient, you are notified that you are strictly prohibited from using, copying, altering, or disclosing the contents of this message. FSL accepts no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus. ***
RE: [squid-users] Blocking all IP sites
-Original Message-
From: Winn Rama [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 10, 2005 2:06 PM
To: squid-users@squid-cache.org
Subject: [squid-users] Blocking all IP sites
Can you guide me how to block all dest IP based sites (no domain
name), while name based requests are still allowed?
They make my box overloaded and too much flood.
Thank you.
Winn
-Original Message-
From: Mukunthan D [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 10, 2005 12:52 AM
To: 'Winn Rama'; squid-users@squid-cache.org
Subject: RE: [squid-users] Blocking all IP sites
Hi Winn
url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
regards
Mukunthd
I don't know if it would be less processor intensive, but
url_regex http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
would be more accurate. :o)
Chris
Re: [squid-users] Blocking all IP sites
On 10.05 14:21, Mukunthan D wrote: url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]* I'm not so sure that would deny requests for sites like 1.2.3.4.fantomas.sk -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harm
RE: [squid-users] Blocking all IP sites
-Original Message-
From: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 10, 2005 9:40 AM
To: squid-users@squid-cache.org
Subject: Re: [squid-users] Blocking all IP sites
On 10.05 14:21, Mukunthan D wrote:
url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
I'm not so sure that would deny requests for sites like
1.2.3.4.fantomas.sk
The original request was:
Can you guide me how to block all dest IP based sites (no domain name),
while name based requests are still allowed?
*shrug*
In any case, the regex would block the domain you specified
(1.2.3.4.fantomas.sk), as it (the regex) doesn't specify where the string
would start or end... In all honesty, it would probably be better to use a
dstdom_regex for the stated purpose, as then only the domain portion of the
request would be compared to the regex, versus the whole url. Something
like:
dstdom_regex ip_based ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
would match IP based requests fairly narrowly. One could get even more
specific, but that might require a pretty complex regular expression, and
that's not something that you really want to do to reduce load.
Chris
