[squid-users] http request header must use hostname

xxiao8 xxiao8 at fosiao.com
Mon Dec 7 00:13:28 UTC 2015

On 7/12/2015 7:38 a.m., Walter H. wrote:
 > On 06.12.2015 11:07, Yuri Voinov wrote:
 >> # Numeric IP's acl
 >> acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
 >> # Deny access to numeric IP's
 >> http_access deny CONNECT numeric_IPs
 >> deny_info TCP_RESET numeric_IPs
 > and not to forget IPv6 ...
 > acl numeric_IPs_ipv4 dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
 > acl numeric_IPs_ipv6 dstdom_regex ([0-9A-Fa-f]+|\:)+[0-9A-Fa-f]+
 > http_access deny CONNECT numeric_IPs_ipv4
 > deny_info TCP_RESET numeric_IPs_ipv4
 > http_access deny CONNECT numeric_IPs_ipv6
 > deny_info TCP_RESET numeric_IPs_ipv6

OR IPv4-mapped address format,
OR that port can be included,
OR the fact that raw-IP can be used on any request..

   acl ips

  http_access deny CONNECT ips
  deny_info TCP_RESET ips

Getting complicated...

So xxiao8, why does one want to censor these requests anyway?



Thanks for all the replies. The reason is to enforce dns-based filtering 
so you can't type in IP to bypass it easily.


More information about the squid-users mailing list