[squid-users] Proposal for deny_info
Alejandro Martinez
ajm.martinez at gmail.com
Sun Nov 9 14:35:09 UTC 2014
Hi all,
I'm trying to setup deny_info for denied sites using CONNECT method.
This is something that doesn't work 100% depending on browser, etc.
Could be possible to change the 30X:http://x.x.x.x/deny.html to something
based in DNS replies ?
Squid uses its own directive "dns_nameserver" to configure which name
server is going to use.
I was thinking on something like this
dns_nameserver_deny 172.16.1.1 <- IP of dnsmasq server
acl deniedsites dstdomain "/list/of/denied/domains" (.youtube.com , .
facebook.com
)
http_access deny deniedsites
but instead of
deny_info deniedsites 307:http://172.16.1.1/deny.html
something like this
deny_dns_info deniedsites 172.16.1.1
and 172.16.1.1 is going to resolv:
172.16.1.1 youtube.com facebook.com, etc
It is possible ?
based on destination domain, the IP to return, so if I ask for facebook.com
I'll get 172.16.1.1 and the certificate warning appears, but the error
(Denied Site) too.
Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20141109/21d70915/attachment.html>
More information about the squid-users
mailing list