[squid-users] Whitelist domain ignored?

Jose Torres-Berrocal jetsystemservices at gmail.com
Wed Oct 5 22:56:14 UTC 2016


Correcting typo:

And placing it inside a whitelist.acl file:
acl whitelist2 dstdom_regex -i "whitelist.acl"

Where whitelist.acl content:
^familymedicinepr\.com$
^mail\.yahoo\.com$
^neodecksoftware\.com$
^office\.net$
\.familymedicinepr\.com$
\.mail\.yahoo\.com$
\.neodecksoftware\.com$
\.office\.net$
Jose E Torres
939-777-4030
JET System Services


On Wed, Oct 5, 2016 at 6:53 PM, Jose Torres-Berrocal
<jetsystemservices at gmail.com> wrote:
> Let's try again:
>
> acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
> .neodecksoftware.com .office.net
> =
> acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
> ^neodecksoftware\.com$ ^office\.net$ \.familymedicinepr\.com$
> \.mail\.yahoo\.com$ \.neodecksoftware\.com$ \.office\.net$
>
> And placing it inside a whitelist.acl file:
> acl whitelist2 dstdom_regex -i "whitelist.acl"
>
> Where whitelist.acl content:
> .^familymedicinepr\.com$
> ^mail\.yahoo\.com$
> ^neodecksoftware\.com$
> ^office\.net$
> \.familymedicinepr\.com$
> \.mail\.yahoo\.com$
> \.neodecksoftware\.com$
> \.office\.net$
>
> Jose E Torres
> 939-777-4030
> JET System Services
>
>
> On Wed, Oct 5, 2016 at 5:07 PM, Alex Rousskov
> <rousskov at measurement-factory.com> wrote:
>> On 10/05/2016 02:59 PM, Jose Torres-Berrocal wrote:
>>> Please confirm equivalence:
>>>
>>> 1.
>>> acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
>>> .neodecksoftware.com .office.net
>>> =
>>> acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
>>> ^neodecksoftware\.com$ ^office\.net$
>>>
>>> OR
>>>
>>> 2.
>>> acl whitelist1 dstdomain .familymedicinepr.com .mail.yahoo.com
>>> .neodecksoftware.com .office.net
>>> =
>>> acl whitelist2 dstdom_regex ^familymedicinepr\.com$ ^mail\.yahoo\.com$
>>> ^neodecksoftware\.com$ ^office\.net$ \familymedicinepr\.com$
>>> \mail\.yahoo\.com$ \neodecksoftware\.com$ \office\.net$
>>
>>
>> Neither pair contains equivalent ACLs. The second attempt was closer to
>> the correct version but you missed the leading "." in the first of the
>> two regular expressions for each domain. For example, it is
>> "\.office\.net$" not "\office\.net$".
>>
>> I also recommend splitting dstdom_regex ACL into multiple lines, one
>> regular expression per line, for readability's sake.
>>
>>
>> As others have already recommended, it is best to learn how regular
>> expressions work before proceeding further. They are a very valuable
>> tool for a sysadmin!
>>
>> Alex.
>>
>>
>>> On Wed, Oct 5, 2016 at 4:43 PM, Alex Rousskov wrote:
>>>> To map any leaf FQDN "foo.bar.baz":
>>>>
>>>>   1. start with "^";
>>>>   2. add "foo.bar.baz" where every period is escaped with "\";
>>>>   3. end with "$".
>>>>
>>>>   In summary, use the following regular expression: ^foo\.bar\.baz$
>>>>
>>>>
>>>> To map a whole ".bar.baz" domain, including any subdomains, use the
>>>> following two regular expressions:
>>>>
>>>>   \.bar\.baz$
>>>>   ^bar\.baz$
>>>>
>>>> This untested suggestion is based on how regular expressions work; it
>>>> assumes that Squid does not add anything to the specified expressions.
>>
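
The mapping recipe quoted above, as an added example that is not part of the original thread: it generates the two dstdom_regex patterns for each dstdomain entry and checks that both forms agree on legitimate hosts and on lookalike names. Python's re module stands in for Squid's regex matching here (an assumption), the function names are hypothetical, and the test hosts are constructed.

```python
import re

def to_dstdom_regex(entry):
    """Apply the recipe from the thread to one '.bar.baz' dstdomain entry."""
    escaped = entry.lstrip(".").replace(".", r"\.")   # escape every period
    return [r"\." + escaped + "$",   # any subdomain
            "^" + escaped + "$"]     # the bare domain itself

def dstdomain_match(host, entry):
    """Reference semantics assumed for '.bar.baz': the domain or any subdomain."""
    name = entry.lstrip(".").lower()
    host = host.lower()
    return host == name or host.endswith("." + name)

def regex_match(host, patterns):
    """True if any pattern matches; re.I mirrors the -i flag on the acl line."""
    return any(re.search(p, host, re.I) for p in patterns)

def disagreements(entries, hosts):
    """Hosts on which the dstdomain list and the generated regex list differ."""
    patterns = [p for e in entries for p in to_dstdom_regex(e)]
    return [h for h in hosts
            if any(dstdomain_match(h, e) for e in entries) != regex_match(h, patterns)]

ENTRIES = [".familymedicinepr.com", ".mail.yahoo.com",
           ".neodecksoftware.com", ".office.net"]
# Constructed test hosts: legitimate names plus lookalikes a whitelist must reject.
HOSTS = ["office.net", "WWW.Office.Net", "notoffice.net", "office.net.example.org",
         "officeXnet", "mail.yahoo.com", "yahoo.com", "a.b.familymedicinepr.com"]

if __name__ == "__main__":
    for e in ENTRIES:
        print(e, "->", to_dstdom_regex(e))
    print("disagreements:", disagreements(ENTRIES, HOSTS))
    # The mistyped first line from the earlier message: the bare domain stops matching.
    print(regex_match("familymedicinepr.com", [r".^familymedicinepr\.com$"]))
    # A single unanchored pattern (constructed) would also admit a lookalike.
    print(regex_match("notoffice.net", [r"office\.net$"]))
```

An empty disagreements list means the generated patterns accept and reject the same sample hosts as the dstdomain entries; the last two lines show why the leading "." typo and a missing "^" anchor both change what the whitelist admits.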

