[squid-users] Whitelist domain ignored?

Jose Torres-Berrocal jetsystemservices at gmail.com
Thu Oct 6 18:28:03 UTC 2016


Benjamin:

The situation is that I am using squid as a pfsense firewall package.
The squid package is made that a user should enter a whitelist in a
GUI that when saved generates the squid.conf file.  Internally they
use dstdom_regex  instead of dstdomain so the whitelist should be
entered for the regex format not for the dstdomain format.

The squid package maintainer probably made a mistake or do not have a
full understanding of the dstdom_regex, or was lazy explaining how the
whitelist box in his GUI was supposed to be used.

I want to know the correct format to make it work correctly and post
the formula in the pfsense forum as others could benefit from your
support.   I want to provide how to use dstdomain withing the package
GUI capacities and the regex correct use.  Others will decide the
solution they will use.


Jose E Torres
939-777-4030
JET System Services


On Thu, Oct 6, 2016 at 1:57 PM, Benjamin E. Nichols
<webmaster at squidblacklist.org> wrote:
> I think you are creating more work for yourself. What is the practical
> advantage using regex. When you clearly arent doing url blacklisting. But
> rather domain blacklisting. Its uneccesary and pointless.
>
>
>  Benjamin  E. Nichols
>
> http://www.squidblacklist.org
>
>
> 1-405-397-1360
>
>
> ------ Original message------
>
> From: Jose Torres-Berrocal
>
> Date: Thu, Oct 6, 2016 12:52 PM
>
> To: Alex Rousskov;
>
> Cc: Squid Users;
>
> Subject:Re: [squid-users] Whitelist domain ignored?
>
>
> "dstdomain .office.net" does not match xoffice.net domain.  I do notwant to
> match xoffice.net with the regex.So I should use my own last version,
> right?Jose E Torres939-777-4030JET System ServicesOn Thu, Oct 6, 2016 at
> 1:28 PM, Alex Rousskov wrote:> On 10/05/2016 11:45 PM, Amos Jeffries
> wrote:>> On 6/10/2016 11:56 a.m., Jose Torres-Berrocal wrote:>>> acl
> whitelist2 dstdom_regex -i "whitelist.acl">>>>>> Where whitelist.acl
> content:>>> ^familymedicinepr.com$>>> ^mail.yahoo.com$>>>
> ^neodecksoftware.com$>>> ^office.net$>>> .familymedicinepr.com$>>>
> .mail.yahoo.com$>>> .neodecksoftware.com$>>> .office.net$>>>> There is a
> simpler way if you are going to insisit on regex instead of>> dstdomain.
> Starting the pattern with an optional '.' character:  .?>>>> So
> whitelist.acl content:>>>> .?familymedicinepr.com$>> .?mail.yahoo.com$>>
> .?neodecksoftware.com$>> .?office.net$>> That simpler way is incorrect
> AFAICT: The top/correct ACL list does not> match "xoffice.net" but yours
> does.>> Alex.>_______________________________________________squid-users
> mailing
> listsquid-users at lists.squid-cache.orghttp://lists.squid-cache.org/listinfo/squid-users


More information about the squid-users mailing list