[squid-users] Whitelist domain ignored?

Jose Torres-Berrocal jetsystemservices at gmail.com
Wed Oct 5 22:53:08 UTC 2016


Let's try again:

acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
.neodecksoftware.com .office.net
=
acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
^neodecksoftware\.com$ ^office\.net$ \.familymedicinepr\.com$
\.mail\.yahoo\.com$ \.neodecksoftware\.com$ \.office\.net$

And placing it inside a whitelist.acl file:
acl whitelist2 dstdom_regex -i "whitelist.acl"

Where whitelist.acl content:
.^familymedicinepr\.com$
^mail\.yahoo\.com$
^neodecksoftware\.com$
^office\.net$
\.familymedicinepr\.com$
\.mail\.yahoo\.com$
\.neodecksoftware\.com$
\.office\.net$

Jose E Torres
939-777-4030
JET System Services


On Wed, Oct 5, 2016 at 5:07 PM, Alex Rousskov
<rousskov at measurement-factory.com> wrote:
> On 10/05/2016 02:59 PM, Jose Torres-Berrocal wrote:
>> Please confirm equivalence:
>>
>> 1.
>> acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
>> .neodecksoftware.com .office.net
>> =
>> acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
>> ^neodecksoftware\.com$ ^office\.net$
>>
>> OR
>>
>> 2.
>> acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
>> .neodecksoftware.com .office.net
>> =
>> acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
>> ^neodecksoftware\.com$ ^office\.net$ \familymedicinepr\.com$
>> \mail\.yahoo\.com$ \neodecksoftware\.com$ \office\.net$
>
>
> Neither pair contains equivalent ACLs. The second attempt was closer to
> the correct version but you missed the leading "." in the first of the
> two regular expressions for each domain. For example, it is
> "\.office\.net$" not "\office\.net$".
>
> I also recommend splitting dstdom_regex ACL into multiple lines, one
> regular expression per line, for readability's sake.
>
>
> As others have already recommended, it is best to learn how regular
> expressions work before proceeding further. They are a very valuable
> tool for a sysadmin!
>
> Alex.
>
>
>> On Wed, Oct 5, 2016 at 4:43 PM, Alex Rousskov wrote:
>>> To map any leaf FQDN "foo.bar.baz":
>>>
>>>   1. start with "^";
>>>   2. add "foo.bar.baz" where every period is escaped with "\";
>>>   3. end with "$".
>>>
>>>   In summary, use the following regular expression: ^foo\.bar\.baz$
>>>
>>>
>>> To map a whole ".bar.baz" domain, including any subdomains, use the
>>> following two regular expressions:
>>>
>>>   \.bar\.baz$
>>>   ^bar\.baz$
>>>
>>> This untested suggestion is based on how regular expressions work; it
>>> assumes that Squid does not add anything to the specified expressions.
>
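
Added example (not part of the original messages, and not Squid's own code): a Python sketch that applies the mapping rule quoted above to the four dstdomain entries, compares the result with a pattern that lacks the leading "\.", and lists any line of the posted whitelist.acl that matches none of the hosts it was written for. It assumes Python's re module behaves like Squid's regex engine for these simple patterns; the test hostnames and the LOOSE pattern are constructed.

```python
import re

def dstdomain_to_regex(entry):
    """Map one dstdomain entry to dstdom_regex patterns, per the rule quoted above."""
    name = entry.lstrip(".").replace(".", r"\.")    # escape every period
    if entry.startswith("."):                       # whole domain, subdomains included
        return ["^" + name + "$", r"\." + name + "$"]
    return ["^" + name + "$"]                       # single leaf FQDN

def allowed(host, patterns):
    """True if any pattern matches; IGNORECASE mirrors the -i flag used above."""
    return any(re.search(p, host, re.IGNORECASE) for p in patterns)

def dead_patterns(patterns, hosts):
    """Patterns that match none of the hosts they were written to allow."""
    return [p for p in patterns if not allowed_any(p, hosts)]

def allowed_any(pattern, hosts):
    return any(re.search(pattern, h, re.IGNORECASE) for h in hosts)

DSTDOMAIN = [".familymedicinepr.com", ".mail.yahoo.com",
             ".neodecksoftware.com", ".office.net"]
GENERATED = [p for entry in DSTDOMAIN for p in dstdomain_to_regex(entry)]

# whitelist.acl lines exactly as posted in the message above.
POSTED_FILE = [
    r".^familymedicinepr\.com$", r"^mail\.yahoo\.com$",
    r"^neodecksoftware\.com$", r"^office\.net$",
    r"\.familymedicinepr\.com$", r"\.mail\.yahoo\.com$",
    r"\.neodecksoftware\.com$", r"\.office\.net$",
]

# Constructed test data (not from the thread).
EXPECTED = [d.lstrip(".") for d in DSTDOMAIN] + ["www" + d for d in DSTDOMAIN]
LOOKALIKES = ["notoffice.net", "office.net.example.org"]
LOOSE = [r"office\.net$"]    # hypothetical pattern with the leading "\." dropped

if __name__ == "__main__":
    for host in EXPECTED + LOOKALIKES:
        print(f"{host:28} generated={allowed(host, GENERATED)!s:5} "
              f"loose={allowed(host, LOOSE)}")
    print("never matches:", dead_patterns(POSTED_FILE, EXPECTED))
```

The loose pattern lets "notoffice.net" through the whitelist, which is why each whole-domain entry needs both the "^" form and the "\." form.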

