[squid-users] Whitelist domain ignored?

Alex Rousskov rousskov at measurement-factory.com
Wed Oct 5 21:07:24 UTC 2016


On 10/05/2016 02:59 PM, Jose Torres-Berrocal wrote:
> Please confirm equivalence:
> 
> 1.
> acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
> .neodecksoftware.com .office.net
> =
> acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
> ^neodecksoftware\.com$ ^office\.net$
> 
> OR
> 
> 2.
> acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
> .neodecksoftware.com .office.net
> =
> acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
> ^neodecksoftware\.com$ ^office\.net$ \familymedicinepr\.com$
> \mail\.yahoo\.com$ \neodecksoftware\.com$ \office\.net$


Neither pair contains equivalent ACLs. The second attempt was closer to
the correct version but you missed the leading "." in the first of the
two regular expressions for each domain. For example, it is
"\.office\.net$" not "\office\.net$".

I also recommend splitting the dstdom_regex ACL into multiple lines, one
regular expression per line, for readability's sake.


As others have already recommended, it is best to learn how regular
expressions work before proceeding further. They are a very valuable
tool for a sysadmin!

Alex.


> On Wed, Oct 5, 2016 at 4:43 PM, Alex Rousskov wrote:
>> To map any leaf FQDN "foo.bar.baz":
>>
>>   1. start with "^";
>>   2. add "foo.bar.baz" where every period is escaped with "\";
>>   3. end with "$".
>>
>>   In summary, use the following regular expression: ^foo\.bar\.baz$
>>
>>
>> To map a whole ".bar.baz" domain, including any subdomains, use the
>> following two regular expressions:
>>
>>   \.bar\.baz$
>>   ^bar\.baz$
>>
>> This untested suggestion is based on how regular expressions work; it
>> assumes that Squid does not add anything to the specified expressions.
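
Added example, not part of the original message and not Squid code: a Python check of the mapping recipe quoted above, comparing the generated dstdom_regex patterns with a dstdomain entry over constructed hostnames. It assumes Python's `re` behaves like Squid's regex engine for these simple patterns and uses a simplified model of dstdomain matching; all function names are hypothetical.

```python
import re

def dstdomain_to_regex(entry):
    """Apply the recipe quoted above to one dstdomain entry."""
    escaped = entry.lstrip(".").replace(".", r"\.")   # escape every period
    if entry.startswith("."):
        # whole domain: one pattern for subdomains, one for the bare domain
        return [r"\." + escaped + "$", "^" + escaped + "$"]
    return ["^" + escaped + "$"]                       # single leaf FQDN

def regex_acl_matches(patterns, host):
    """A multi-pattern ACL matches when any one of its patterns matches."""
    return any(re.search(p, host) for p in patterns)

def dstdomain_matches(entry, host):
    """Simplified model (assumption) of dstdomain matching, for comparison."""
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

# Constructed sample hostnames
HOSTS = ["office.net", "www.office.net", "a.b.office.net",
         "notoffice.net", "office.net.example.org", "officexnet"]

def compare(entry, patterns, hosts=HOSTS):
    """Return hosts where the regex ACL and the dstdomain entry disagree."""
    return [h for h in hosts
            if regex_acl_matches(patterns, h) != dstdomain_matches(entry, h)]

if __name__ == "__main__":
    entry = ".office.net"
    full = dstdomain_to_regex(entry)
    print(full, "disagrees on", compare(entry, full))
    anchored_only = [r"^office\.net$"]   # pair 1 from the question
    print(anchored_only, "disagrees on", compare(entry, anchored_only))
```

On a whitelist, the hosts reported for the anchored-only pattern are subdomains that the dstdomain entry would allow but the regex ACL would not.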


