On 27/07/10 7:32 AM, "Mellem, Dan" <dan.mel...@pomona.k12.ca.us> wrote:

> Instead of dstdomain, you could use a regular expression. You could use a
> pattern like:
> 
> ^(www\.)?(google\.com?(\...)?)
> 
> Which would catch:
> google.co
> google.com
> google.co.XX where XX is any two characters
> google.com.XX   ""  ""
> (with and without www.)

This would only "optionally" block www.google.com and any subs, but there
are heaps of subdomains associated with Google. Henrick's solution is still
the cleanest.

Of course, just blocking it on a CONNECT method should also work.

acl CONNECT method CONNECT
acl google dstdomain .google.com
http_access deny CONNECT google

Not sure how much different that is from Henrick's solution but if (for some
unknown reason) Google opened port 443 as non-ssl, had a legit site that
wasn't encrypted, and you had 443 in your safe-port list, then this method
"should" still work cleanly.

Scott
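
The difference between the two matching approaches discussed in this thread, as an added example that is not part of either message or of Squid itself: the Python sketch below applies the quoted pattern and a leading-dot dstdomain entry to constructed host names. It assumes the pattern would be used with Squid's dstdom_regex ACL type and models dstdomain as a plain suffix match; the function names and sample hosts are hypothetical.

```python
import re

# Pattern exactly as quoted in the thread. Assumption: it would be applied
# to the request's host name through a regex ACL such as dstdom_regex.
QUOTED_PATTERN = re.compile(r"^(www\.)?(google\.com?(\...)?)")


def regex_matches(host: str) -> bool:
    """Search as a regex ACL would: anchored at the start, open at the end."""
    return QUOTED_PATTERN.search(host.lower()) is not None


def dstdomain_matches(host: str, entry: str = ".google.com") -> bool:
    """Model of a leading-dot dstdomain entry: the domain and all subdomains."""
    host = host.lower().rstrip(".")
    base = entry.lstrip(".")
    return host == base or host.endswith("." + base)


# Constructed host names for illustration, not taken from the thread.
SAMPLE_HOSTS = [
    "google.com",
    "www.google.com",
    "mail.google.com",         # subdomain: the regex misses it
    "accounts.google.com",     # subdomain: the regex misses it
    "google.co.uk",            # country domain: dstdomain .google.com misses it
    "google.com.au",           # country domain: dstdomain .google.com misses it
    "google.company.example",  # unrelated host caught by the unanchored regex
    "notgoogle.com",           # unrelated host, matched by neither
]


def compare(hosts=SAMPLE_HOSTS):
    """Return {host: (regex_result, dstdomain_result)} for each host."""
    return {h: (regex_matches(h), dstdomain_matches(h)) for h in hosts}


if __name__ == "__main__":
    for host, (rx, dd) in compare().items():
        note = "" if rx == dd else "  <-- differs"
        print(f"{host:26} regex={rx!s:5} dstdomain={dd!s:5}{note}")
```
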

