[squid-users] block visit 80/443 browsing via IP(no domain name)
Walter H.
Walter.H at mathemainzel.info
Sun Jul 29 16:59:28 UTC 2018
On 29.07.2018 06:11, Gordon Hsiao wrote:
> is there a way to block any attempt to visit http/https by _any_ IP
> directly, i.e.
>
> http://my-IP or https://my-IP (yes this will give a warning for SSL
> most likely). here my-IP could be any IPv4 address, for example.
>
> Basically I want to have Squid to enforce all 80/443 access should be
> done via a FQDN instead of an IP, is this possible? or should this be
> handled in a redirector instead?
>
Hi,
I use this
/etc/squid/blockdomains-iphost-acl.squid contains this
^[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}$
^\[([0-9a-f]{0,4})(:|:[0-9a-f]{0,4}){1,7}\]$
/etc/squid/squid.conf contains this
acl allow_domains_iphost dstdom_regex
"/etc/squid/allowdomains-iphost-acl.squid"
acl block_domains_iphost dstdom_regex
"/etc/squid/blockdomains-iphost-acl.squid"
...
deny_info ERR_DOMAIN_IPHOST_BLOCKED block_domains_iphost
...
http_access allow allow_domains_iphost
http_access deny block_domains_iphost
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180729/15f2cc68/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3491 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20180729/15f2cc68/attachment.bin>
More information about the squid-users
mailing list