Re: [squid-users] ACL and http_access Confusion

2007-07-09 Thread Matus UHLAR - fantomas
  So, replace
 
  acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
 
  with
 
  acl numeric_IPs dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
 
  and
 
  will this work?
 
  http_access deny CONNECT numeric_IPs !allowed_IPs

On 06.07.07 11:18, [EMAIL PROTECTED] wrote:
 Um, I'm starting to get a little confused here myself after that reply.
 
 When you are wanting to test the actual destination IP you can use the
 'dst' type ACL (squid will do any DNS lookup needed to find it before
 testing).

note that using 'dst' acl will disable connecting to those IP's also if
they're specified by a hostname, which is probably not what 

-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
BSE = Mad Cow Disease ... BSA = Mad Software Producents Disease


Re: [squid-users] ACL and http_access Confusion

2007-07-05 Thread Emilio Casbas

Vadim Pushkin wrote:

Hello;

I have an ACL which contains IP addresses that I want to allow outbound 
requests to.


acl allowed_IPs dstdomain /net/squid/allowed-IP-Dests

I have another ACL which is intended to capture all destinations which 
use an IP address versus FQDN, which one of these two is correct for 
this purpose?


acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
or
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

Finally, I want to deny all outbound requests to ACL numeric IP's (IP 
addresses only), *unless* the requested IP address is contained in my 
ACL allowed_IPs.


Would the below work for this?

http_access deny CONNECT numeric_IPs !allowed_IPs



If you are going to use it in CONNECT you have to use dstdom_regex.
CONNECT only has hostname and port.

Emilio C.


Re: [squid-users] ACL and http_access Confusion

2007-07-05 Thread Vadim Pushkin

From: Emilio Casbas [EMAIL PROTECTED]



Vadim Pushkin wrote:

Hello;

I have an ACL which contains IP addresses that I want to allow outbound 
requests to.


acl allowed_IPs dstdomain /net/squid/allowed-IP-Dests

I have another ACL which is intended to capture all destinations which use 
an IP address versus FQDN, which one of these two is correct for this 
purpose?


acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
or
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

Finally, I want to deny all outbound requests to ACL numeric IP's (IP 
addresses only), *unless* the requested IP address is contained in my ACL 
allowed_IPs.


Would the below work for this?

http_access deny CONNECT numeric_IPs !allowed_IPs



If you are going to use it in CONNECT you have to use dstdom_regex.
CONNECT only has hostname and port.

Emilio C.


So, replace

acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

with

acl numeric_IPs dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

and

will this work?

http_access deny CONNECT numeric_IPs !allowed_IPs




Re: [squid-users] ACL and http_access Confusion

2007-07-05 Thread squid3
From: Emilio Casbas [EMAIL PROTECTED]

Vadim Pushkin wrote:
Hello;

I have an ACL which contains IP addresses that I want to allow outbound
requests to.

acl allowed_IPs dstdomain /net/squid/allowed-IP-Dests

I have another ACL which is intended to capture all destinations which use
an IP address versus FQDN, which one of these two is correct for this
purpose?

acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
or
acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

Finally, I want to deny all outbound requests to ACL numeric IP's (IP
addresses only), *unless* the requested IP address is contained in my ACL
allowed_IPs.

Would the below work for this?

http_access deny CONNECT numeric_IPs !allowed_IPs


If you are going to use it in CONNECT you have to use dstdom_regex.
CONNECT only has hostname and port.

Emilio C.

 So, replace

 acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

 with

 acl numeric_IPs dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

 and

 will this work?

 http_access deny CONNECT numeric_IPs !allowed_IPs


Um, I'm starting to get a little confused here myself after that reply.

When you are wanting to test the actual destination IP you can use the
'dst' type ACL (squid will do any DNS lookup needed to find it before
testing).

When you are wanting to test for people sending CONNECT 1.2.3.4 HTTP/1.1
etc. then dstdomain (for pre-known IPA), or dstdom_regex (to catch all
IPA) is needed.


Amos
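
A simplified model of the rule discussed in this thread, added here as an illustration (it is not code from any poster and not Squid's implementation): it shows what urlpath_regex and dstdom_regex each get to test on a CONNECT request, and how the whole `http_access deny CONNECT numeric_IPs !allowed_IPs` line evaluates. The request lines and the allow-list contents are constructed, and `split_target` and `rule_denies` are hypothetical names.

```python
import re

# Regex exactly as posted in the thread (no end anchor), and an anchored variant.
NUMERIC = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")
NUMERIC_ANCHORED = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$")
# Constructed stand-in for the contents of the allowed_IPs file.
ALLOWED = {"192.0.2.10"}

def split_target(method, target):
    """Return (host, path) for a proxy request line (IPv4/hostnames only)."""
    if method == "CONNECT":
        # CONNECT carries only host:port, so there is no path to test.
        return target.rsplit(":", 1)[0].lower(), ""
    # Other methods reach a proxy as scheme://host[:port]/path
    authority, _, path = target.split("://", 1)[1].partition("/")
    return authority.split(":", 1)[0].lower(), "/" + path

def rule_denies(method, target, acl_type, numeric=NUMERIC, allowed=ALLOWED):
    """Model of: http_access deny CONNECT numeric_IPs !allowed_IPs
    Every ACL on the line must match for the deny to apply."""
    host, path = split_target(method, target)
    subject = host if acl_type == "dstdom_regex" else path  # else urlpath_regex
    return (method == "CONNECT"
            and numeric.search(subject) is not None
            and host not in allowed)

if __name__ == "__main__":
    cases = [  # constructed request lines
        ("CONNECT", "203.0.113.7:443"),
        ("CONNECT", "192.0.2.10:443"),
        ("CONNECT", "www.example.com:443"),
        ("CONNECT", "1.2.3.4.example.com:443"),
        ("GET", "http://203.0.113.7/index.html"),
    ]
    for method, target in cases:
        print(method, target,
              "urlpath_regex:", rule_denies(method, target, "urlpath_regex"),
              "dstdom_regex:", rule_denies(method, target, "dstdom_regex"),
              "anchored:", rule_denies(method, target, "dstdom_regex", NUMERIC_ANCHORED))
```

With the regex as posted, a hostname such as `1.2.3.4.example.com` also counts as numeric because the pattern has no end anchor; the `$`-anchored variant restricts the match to bare dotted-quad hosts.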