[squid-users] http request header must use hostname
xxiao8 at fosiao.com
Mon Dec 7 00:13:28 UTC 2015
On 7/12/2015 7:38 a.m., Walter H. wrote:
> On 06.12.2015 11:07, Yuri Voinov wrote:
>> # Numeric IP's acl
>> acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>> # Deny access to numeric IP's
>> http_access deny CONNECT numeric_IPs
>> deny_info TCP_RESET numeric_IPs
> and not to forget IPv6 ...
> acl numeric_IPs_ipv4 dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
> acl numeric_IPs_ipv6 dstdom_regex ([0-9A-Fa-f]+|\:)+[0-9A-Fa-f]+
> http_access deny CONNECT numeric_IPs_ipv4
> deny_info TCP_RESET numeric_IPs_ipv4
> http_access deny CONNECT numeric_IPs_ipv6
> deny_info TCP_RESET numeric_IPs_ipv6
OR IPv4-mapped address format,
OR that port can be included,
OR the fact that raw-IP can be used on any request..
http_access deny CONNECT ips
deny_info TCP_RESET ips
So xxiao8, why does one want to censor these requests anyway?
Thanks for all the replies. The reason is to enforce dns-based filtering
so you can't type in IP to bypass it easily.
More information about the squid-users