[squid-users] Regular expressions with dstdom_regex ACL

Fri May 13 08:22:12 UTC 2016

On Fri, May 13, 2016 07:32, Amos Jeffries wrote:
> On 13/05/2016 3:44 p.m., Walter H. wrote:
>> p.s.
>> the sample here
>> http://wiki.squid-cache.org/ConfigExamples/Chat/Skype
>> doesn't work, too
>>
>
> The skype pattern is matching the port Skype uses. You need to drop that
> off the pattern. But it should match if you use just the raw-IP part.

it is somewhat weired, because
wget http://[2a00:1a68:3:1::c5a5:8590]/
isn't blocked and the following are
all blocked as they should:
wget http://[2a00:1a68:3::c5a5:8590]/
wget http://[2a00:1a68:3:1::c5a:8590]/
wget http://[2a00:1a68:3:1::c5a5:859]/
wget http://[2a00:1a68:2:1::c5a5:8590]/

here this part in access.log

parentproxy.local - - [13/May/2016:09:44:10 +0200] "GET
http://[2a00:1a68:2:1::c5a5:8590]/ HTTP/1.0" 403 1578
"-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:46:53 +0200] "GET
http://[2a00:1a68:3:1::c5a5:8590]/ HTTP/1.0" 301 590 "
-" "Wget/1.12 (linux-gnu)" TCP_MISS:HIER_DIRECT
parentproxy.local - - [13/May/2016:09:46:54 +0200] "GET
http://mathemainzel.info/ HTTP/1.0" 200 2662 "-" "Wget
/1.12 (linux-gnu)" TCP_MISS:HIER_DIRECT
parentproxy.local - - [13/May/2016:09:47:03 +0200] "GET
http://[2a00:1a68:2:1::c5a5:8590]/ HTTP/1.0" 403 1578
"-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:47:14 +0200] "GET
http://[2a00:1a68:3::c5a5:8590]/ HTTP/1.0" 403 1574 "-
" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:47:37 +0200] "GET
http://[2a00:1a68:3:1::c5a:8590]/ HTTP/1.0" 403 1576 "
-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:47:45 +0200] "GET
http://[2a00:1a68:3:1::c5a5:859]/ HTTP/1.0" 403 1576 "
-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE

here the ACL

acl block_domains_iphost dstdom_regex "/etc/squid/iphost-acl.squid"
deny_info ERR_DOMAIN_IPHOST_BLOCKED block_domains_iphost
http_access deny block_domains_iphost

and iphost-acl.squid has the following content:

^[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}$
^\[([0-9a-f]{0,4})(:|[0-9a-f]{0,4}){1,7}\]$
^\[::1\]$
^\[.*\]$
^([0-9a-f]{0,4})(:|[0-9a-f]{0,4}){1,7}$
^::1$
^.*$

some part above I have this in squid.conf

acl allow_domains dstdom_regex "/etc/squid/domain_regex-acl.squid"
http_access allow allow_domains

and domain_regex-acl.squid has the following content:

...
\.mathemainzel\.info$
...

what is this mystic, that
wget http://[2a00:1a68:3:1::c5a5:8590]/
isn't blocked, even it should ...

by the way  wget http://81.19.145.52/ is blocked as you see in the log

parentproxy.local - - [13/May/2016:10:12:53 +0200] "GET
http://81.19.145.52/ HTTP/1.0" 403 1550 "-" "Wget/1.12 (li
nux-gnu)" TCP_DENIED:HIER_NONE

just as an experiment, if I remove this one entry of domain_regex-acl.squid
then
wget http://[2a00:1a68:3:1::c5a5:8590]/
is blocked, why not with this entry?

Thanks and greetings from Austria,
Walter