[squid-users] Whitelist domain ignored?

Jose Torres-Berrocal jetsystemservices at gmail.com
Wed Oct 5 19:15:56 UTC 2016


The situation is that I am using squid on the pfsense firewall.  Squid
is available as a package with a GUI interface.  The whitelist is part
of the sections provided by the GUI, and somehow, entering the domains
as a list that I provided, it does work for most of the domains but it
fails in others.  The squid.conf is generated by the GUI and uses
dstdom_regex for the whitelist.  It has a custom area where I can place
the lines to use dstdomain and it works.  But I would like to know how
I should enter the domains so as to make it work correctly using
dstdom_regex behaving like dstdomain.

Jose E Torres
939-777-4030
JET System Services


On Wed, Oct 5, 2016 at 12:10 PM, Jok Thuau <jok at spikes.com> wrote:
>
>
> On Tue, Oct 4, 2016 at 6:01 PM, Jose Torres-Berrocal
> <jetsystemservices at gmail.com> wrote:
>>
>> > /var/squid/acl/whitelist.acl:
>>
>> [snip]
>> >
>> > .assertus.com
>> > .neodecksoftware.com
>>
>>
>> Your whitelist for this domain says that it has "something" followed
>> by that domain name...
>>
>> >
>> >
>> > .office.net
>>
>> 1. Each domain is on a separate line, why is the next line considered
>> part of the same pattern?
>>
>> In the end, your regular expression doesn't match.
>> "." means "any single character". You should replace that line with
>> something like this:
>> ^neodecksoftware\.com
>>
>> 2. Then I should change each domain line to resemble your suggested
>> pattern?
>>
>> ^assertus\.com
>> ^neodecksoftware\.com
>> ^office\.net
>>
>
> Well, not quite that simple. That pattern will block "www.office.net", which
> is probably not what you want. That pattern would only fix that one I
> mentioned (which doesn't use "www" or anything else in front of the domain).
> The "^" is an anchor for the beginning of the string. That would exclude any
> of the sub-domains.
>
> In the end, I believe Alex's suggestion (to change from dstdom_regex to
> dstdomain) will be simpler, and will do what you expect (where if you list
> ".something.tld", it will accept both "www.something.tld" and
> "something.tld"). Refer to the documentation and example to understand how
> that is being handled.
>
> I would suggest you research regular expressions. Visit and play with
> regex101.com -- The explanation panel on the side will do wonders to
> demystify the pattern I provided.
>
> see:
> https://regex101.com/r/hVu6vX/3
>
> Thanks,
> Jok
>
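
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the pfSense package: it converts a dstdomain-style entry into a regex with the same accept set and compares it with the entry used as-is and with the "^"-anchored form. Assumptions: dstdom_regex patterns are unanchored POSIX extended regexes (Python's re stands in for them here), and the function names and the host names other than the thread's domains are constructed.

```python
import re

# Constructed host names for the check; the domains come from the thread.
HOSTS = ["office.net", "www.office.net", "myoffice.net",
         "office.net.example.org"]

def dstdomain_to_regex(entry):
    """Build a regex that accepts the same hosts as a dstdomain entry.

    ".office.net" -> office.net and every subdomain of it
    "office.net"  -> that exact host name only
    """
    entry = entry.strip()
    subdomains = entry.startswith(".")
    # Host names hold only letters, digits, "-" and ".", so "." is the
    # only character that needs escaping.
    name = entry.lstrip(".").replace(".", r"\.")
    return (r"(^|\.)" if subdomains else "^") + name + "$"

def matches(pattern, host):
    # Assumption: dstdom_regex does an unanchored search, like re.search.
    return re.search(pattern, host) is not None

def compare(entry, hosts=HOSTS):
    """Per host: (entry used as-is, ^-anchored form, converted form)."""
    anchored = "^" + entry.lstrip(".").replace(".", r"\.")
    converted = dstdomain_to_regex(entry)
    return {h: (matches(entry, h), matches(anchored, h),
                matches(converted, h)) for h in hosts}

if __name__ == "__main__":
    for entry in (".assertus.com", ".neodecksoftware.com", ".office.net"):
        print(entry, "->", dstdomain_to_regex(entry))
    for host, row in compare(".office.net").items():
        print(f"{host:24} as-is={row[0]!s:5} ^anchored={row[1]!s:5} "
              f"converted={row[2]}")
```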

