On 7/12/2015 7:38 a.m., Walter H. wrote:
> On 06.12.2015 11:07, Yuri Voinov wrote:
>> # Numeric IP's acl
>> acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>>
>> # Deny access to numeric IP's
>> http_access deny CONNECT numeric_IPs
>> deny_info TCP_RESET numeric_IPs
>>
> and not to forget IPv6 ...
>
> acl numeric_IPs_ipv4 dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>
> acl numeric_IPs_ipv6 dstdom_regex ([0-9A-Fa-f]+|\:)+[0-9A-Fa-f]+
>
> http_access deny CONNECT numeric_IPs_ipv4
> deny_info TCP_RESET numeric_IPs_ipv4
>
> http_access deny CONNECT numeric_IPs_ipv6
> deny_info TCP_RESET numeric_IPs_ipv6

OR IPv4-mapped address format,
OR that port can be included,
OR the fact that raw-IP can be used on any request..

acl ips dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|[0-9\.]+)?\]))(:[0-9]+)?$
http_access deny CONNECT ips
deny_info TCP_RESET ips

Getting complicated...
So xxiao8, why does one want to censor these requests anyway?
Amos
---
Thanks for all the replies. The reason is to enforce DNS-based filtering
so you can't type in an IP to bypass it easily.
xxiao
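
Added example, not part of any message in this thread: the three patterns posted above, run with Python's re.search over constructed host strings to show which raw-IP forms each one misses and which ordinary hostnames it would also block. It assumes the ACL sees the host exactly as written here (brackets and port included) and writes the anchored pattern's port part as [0-9]+.

```python
import re

# Regex ACLs match anywhere in the string unless the pattern carries ^ and $,
# which is what re.search() reproduces here.
PATTERNS = {
    "ipv4_unanchored": re.compile(r"[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"),
    "ipv6_unanchored": re.compile(r"([0-9A-Fa-f]+|\:)+[0-9A-Fa-f]+"),
    # Anchored pattern; port written as [0-9]+ (assumption) so ":443" is accepted.
    "anchored": re.compile(
        r"^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)"
        r"|(\[([0-9a-f]+)?:([0-9a-f:]+)?:([0-9a-f]+|[0-9\.]+)?\]))(:[0-9]+)?$"
    ),
}

# Constructed samples: (host as it would appear in the request, is it a raw IP?)
SAMPLES = [
    ("192.0.2.10", True),
    ("192.0.2.10:443", True),
    ("[2001:db8::1]", True),
    ("[2001:db8::1]:443", True),
    ("[::ffff:192.0.2.10]", True),       # IPv4-mapped IPv6 form
    ("www.example.com", False),
    ("cafe.example.com", False),         # label made only of hex letters
    ("192.0.2.10.example.net", False),   # hostname with numeric labels
]


def mismatches(name):
    """Hosts where the pattern's verdict differs from the expected one."""
    pattern = PATTERNS[name]
    return [host for host, is_ip in SAMPLES
            if bool(pattern.search(host)) != is_ip]


def report():
    """Map each pattern name to its list of wrongly classified hosts."""
    return {name: mismatches(name) for name in PATTERNS}


if __name__ == "__main__":
    for name, wrong in report().items():
        print(f"{name:16} wrong on: {wrong or 'nothing'}")
```

The unanchored IPv6 pattern matches any host containing two consecutive hex characters, so a deny rule built on it also rejects ordinary names such as the constructed cafe.example.com.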