[squid-users] Regular expressions with dstdom_regex ACL
Walter H.
walter.h at mathemainzel.info
Fri May 13 08:22:12 UTC 2016
On Fri, May 13, 2016 07:32, Amos Jeffries wrote:
> On 13/05/2016 3:44 p.m., Walter H. wrote:
>> p.s.
>> the sample here
>> http://wiki.squid-cache.org/ConfigExamples/Chat/Skype
>> doesn't work either
>>
>
> The skype pattern is matching the port Skype uses. You need to drop that
> off the pattern. But it should match if you use just the raw-IP part.
It is somewhat weird, because
wget http://[2a00:1a68:3:1::c5a5:8590]/
isn't blocked, and the following are
all blocked, as they should be:
wget http://[2a00:1a68:3::c5a5:8590]/
wget http://[2a00:1a68:3:1::c5a:8590]/
wget http://[2a00:1a68:3:1::c5a5:859]/
wget http://[2a00:1a68:2:1::c5a5:8590]/
Here is this part of access.log:
parentproxy.local - - [13/May/2016:09:44:10 +0200] "GET http://[2a00:1a68:2:1::c5a5:8590]/ HTTP/1.0" 403 1578 "-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:46:53 +0200] "GET http://[2a00:1a68:3:1::c5a5:8590]/ HTTP/1.0" 301 590 "-" "Wget/1.12 (linux-gnu)" TCP_MISS:HIER_DIRECT
parentproxy.local - - [13/May/2016:09:46:54 +0200] "GET http://mathemainzel.info/ HTTP/1.0" 200 2662 "-" "Wget/1.12 (linux-gnu)" TCP_MISS:HIER_DIRECT
parentproxy.local - - [13/May/2016:09:47:03 +0200] "GET http://[2a00:1a68:2:1::c5a5:8590]/ HTTP/1.0" 403 1578 "-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:47:14 +0200] "GET http://[2a00:1a68:3::c5a5:8590]/ HTTP/1.0" 403 1574 "-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:47:37 +0200] "GET http://[2a00:1a68:3:1::c5a:8590]/ HTTP/1.0" 403 1576 "-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
parentproxy.local - - [13/May/2016:09:47:45 +0200] "GET http://[2a00:1a68:3:1::c5a5:859]/ HTTP/1.0" 403 1576 "-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
Here is the ACL:
acl block_domains_iphost dstdom_regex "/etc/squid/iphost-acl.squid"
deny_info ERR_DOMAIN_IPHOST_BLOCKED block_domains_iphost
http_access deny block_domains_iphost
and iphost-acl.squid has the following content:
^[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}$
^\[([0-9a-f]{0,4})(:|[0-9a-f]{0,4}){1,7}\]$
^\[::1\]$
^\[.*\]$
^([0-9a-f]{0,4})(:|[0-9a-f]{0,4}){1,7}$
^::1$
^.*$
Some part above that, I have this in squid.conf:
acl allow_domains dstdom_regex "/etc/squid/domain_regex-acl.squid"
http_access allow allow_domains
and domain_regex-acl.squid has the following content:
...
\.mathemainzel\.info$
...
What is this mystery, that
wget http://[2a00:1a68:3:1::c5a5:8590]/
isn't blocked, even though it should be ...
By the way, wget http://81.19.145.52/ is blocked, as you see in the log:
parentproxy.local - - [13/May/2016:10:12:53 +0200] "GET http://81.19.145.52/ HTTP/1.0" 403 1550 "-" "Wget/1.12 (linux-gnu)" TCP_DENIED:HIER_NONE
Just as an experiment: if I remove this one entry from domain_regex-acl.squid,
then
wget http://[2a00:1a68:3:1::c5a5:8590]/
is blocked. Why not with this entry?
Thanks and greetings from Austria,
Walter
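Added example, not part of the thread: a Python model of how the two posted dstdom_regex rules interact. squid.conf.documented states that for dstdomain and dstdom_regex a reverse lookup is tried if an IP-based URL is used and no match is found, so the allow_domains rule, which sits above the deny rule, can match an IP literal through its PTR name. The PTR name used for the IPv6 address below is an assumption chosen to reproduce the observed behaviour, not a value from the thread or from DNS.

```python
import ipaddress
import re

# The seven patterns from iphost-acl.squid and the one from domain_regex-acl.squid, as posted.
IPHOST_PATTERNS = [
    r"^[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}$",
    r"^\[([0-9a-f]{0,4})(:|[0-9a-f]{0,4}){1,7}\]$",
    r"^\[::1\]$",
    r"^\[.*\]$",
    r"^([0-9a-f]{0,4})(:|[0-9a-f]{0,4}){1,7}$",
    r"^::1$",
    r"^.*$",
]
ALLOW_PATTERNS = [r"\.mathemainzel\.info$"]

# Constructed stand-in for the reverse lookup. The PTR name is an ASSUMPTION made to
# reproduce the observed behaviour; it is not taken from DNS or from the thread.
ASSUMED_RDNS = {"2a00:1a68:3:1::c5a5:8590": "host.mathemainzel.info"}


def dstdom_regex_matches(patterns, host, rdns):
    """Model of a dstdom_regex ACL: match the URL host as written; if the host is an
    IP literal and no pattern matched, retry against its reverse-DNS name, using the
    name "none" when the lookup fails (the fallback squid.conf.documented describes)."""
    compiled = [re.compile(p, re.IGNORECASE) for p in patterns]
    if any(c.search(host) for c in compiled):
        return True
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return False  # a real hostname gets no second attempt
    name = rdns.get(addr.compressed, "none")
    return any(c.search(name) for c in compiled)


def http_access(host, allow_patterns=ALLOW_PATTERNS, rdns=ASSUMED_RDNS):
    """The posted http_access order: allow_domains is evaluated before the deny rule,
    so the first rule whose ACL matches decides the request."""
    if dstdom_regex_matches(allow_patterns, host, rdns):
        return "allow"
    if dstdom_regex_matches(IPHOST_PATTERNS, host, rdns):
        return "deny"
    return "allow"  # opposite of the last http_access line; unreachable here, ^.*$ matches any host


if __name__ == "__main__":
    for h in ["[2a00:1a68:3:1::c5a5:8590]", "[2a00:1a68:3::c5a5:8590]", "81.19.145.52"]:
        print(h, "->", http_access(h))
    # The experiment from the post: drop the allow entry and the IPv6 literal is denied.
    print("without the allow entry ->", http_access("[2a00:1a68:3:1::c5a5:8590]", allow_patterns=[]))
```

The mistyped addresses are denied only because their reverse lookup yields nothing the allow pattern matches; a second rule that does not need DNS, or checking the ACL against the host literal only, is the way to make the deny independent of PTR records.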