> acl ports port 443
> acl domains dstdomain .foo.com
> acl CONNECT method CONNECT
>
> http_access allow CONNECT ports domain
> http_access deny all
>
> When I try to connect to www.foo.com I get a denied access.

For the dstdomain acl type, a reverse lookup is done for IP-based URLs. If the lookup
fails, "none" will be returned.
You can check in the access.log for that request in the request method field (6th
field).
It has not succeeded at that point. So you are getting denied access.

> When on the other hand I do (1.2.3.4 is www.foo.com's address)
>
> acl ports port 443
> acl hosts dst 1.2.3.4
> acl CONNECT method CONNECT
>
> http_access allow CONNECT ports hosts
> http_access deny all
>
> I do get access.

The dst acl type resolves the destination address directly. So you do not have the
problem accessing it.
Compare the two request methods from the access.log. It will give you the difference.

Regards,
Muthukumar.
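
An added example, not part of the original message: one way to do the access.log comparison suggested above is to pull out the denied CONNECT requests and show whether each target was an IP literal or a hostname. It assumes Squid's native access.log layout (method in the 6th field); the log lines and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1086000001.123     12 10.0.0.5 TCP_DENIED/403 1450 CONNECT 1.2.3.4:443 - NONE/- text/html
1086000002.456    310 10.0.0.5 TCP_MISS/200 5120 CONNECT www.foo.com:443 - DIRECT/1.2.3.4 -
1086000003.789      9 10.0.0.6 TCP_DENIED/403 1432 GET http://www.bar.com/ - NONE/- text/html
1086000004.012      8 10.0.0.5 TCP_DENIED/403 1450 CONNECT 1.2.3.4:8443 - NONE/- text/html
"""

def parse_line(line):
    """Split one native-format line; return None if it is too short."""
    f = line.split()
    if len(f) < 10:
        return None
    action, _, status = f[3].partition("/")
    return {"client": f[2], "action": action, "status": status,
            "method": f[5], "url": f[6]}  # f[5] is the 6th field

def connect_target(url):
    """For CONNECT the URL field is host:port; classify the host part."""
    host, sep, port = url.rpartition(":")
    if not sep:                      # no port present
        host, port = url, ""
    host = host.strip("[]")          # bracketed IPv6 literal
    try:
        ipaddress.ip_address(host)
        kind = "ip"                  # a dstdomain rule needs a reverse lookup here
    except ValueError:
        kind = "hostname"
    return host, port, kind

def denied_connects(log_text):
    """Return (client, host, port, kind) for every denied CONNECT."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        if not rec["action"].endswith("DENIED"):
            continue
        hits.append((rec["client"],) + connect_target(rec["url"]))
    return hits

if __name__ == "__main__":
    for client, host, port, kind in denied_connects(SAMPLE_LOG):
        print(f"{client} denied CONNECT to {host}:{port} ({kind})")
```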

