[squid-users] http_access deny for dstdomain acl not denying access to url.. what am I doing wrong?
Amos Jeffries
squid3 at treenet.co.nz
Wed Oct 15 18:31:06 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 16/10/2014 7:23 a.m., Mirza Dedic wrote:
> Thanks Walter and Amos, i've taken your advice and now I got the
> blocking to partially work. I've re-organized how my ACLs are setup
> (order) and using your examples Walter to implement my ACLs.
>
> Working on the facebook example, I have..
>
> acl block_domains_regex dstdom_regex -i
> "/etc/squid/block-domains-regex-list-acl.squid" deny_info
> ERR_URL_BLOCKED block_domains_regex http_access deny
> block_domains_regex
>
> In the acl file, I have..
>
> .*\.facebook\.com.*
1) .* prefix and suffix are not useful.
2) dstdomain ACL type is faster than regex
>
> According to http://www.regexr.com this blocks:
>
> https://www.facebook.com https://www.facebook.com/something
> https://something.facebook.com www.facebook.com
> http://www.facebook.com
>
> However, it will not block..
>
> https://facebook.com http://facebook.com
>
> I can't seem to get this right to block the bottom 2, any ideas?
For that set of domains use:
acl block_domains dstdomain .facebook.com
NP: the '.' at the beginnign means wildcard any sub-domain as well as
the matching domain.
Amos
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
iQEcBAEBAgAGBQJUPr1qAAoJELJo5wb/XPRjEWQH/0N13Zc6StASsDocqoyHh2+z
luqgM5mtBAeKA2uOsDY5Ojt9I4Ew2ypQOx/8rJtILnUwu7XWURkdIEzDQ5eYTufj
ThFIRwMSdNPRktoW+JifjK2Xk68BPQJ3s9IKVX41ODB8W20PQpLpW1TUhYNa/vKi
E3vKsLn/QGj50ynGiBjaOg1A95doGMLO3PvkuAD2OX4W/CJSJ19vxPiOlUwKkX64
w8mfw3OaNikkFdfBanLsaMIxgJ7vhgxc8OVr0FErJe1wvHaSs4EsVqAIZX7J0OQH
FN3QQUnW2l+GJJhuQPz+o0gzn0MAN6yEaZXpy7LCwOc4ne9Q4MjBVaqJNlFsyiY=
=AWrq
-----END PGP SIGNATURE-----
More information about the squid-users
mailing list