[squid-users] wildcard for numbers in url whitelisting

robert k Wild robertkwild at gmail.com
Fri Jul 16 07:08:53 UTC 2021


ok i finally realised for myself why it wasnt working, thanks so much
Matus!!!

http_access allow activation - as this is at the top, allows all internet
on ports 80 443, so the below is totally ignored
http_access allow whitelist
http_access allow whitelistreg
http_access deny all

http_access allow activation  whitelist - only allows ports above only AND
to the certain websites on the whitelist
http_access allow activation  whitelistreg -  only allows ports above only
AND to the certain websites on the whitelistreg
http_access deny all - denies all

thanks Amos aswell for pointing out the ssl server name wouldnt do regex

On Thu, 15 Jul 2021 at 15:13, robert k Wild <robertkwild at gmail.com> wrote:

> this is all i have in my urlwhitereg file
>
> \.vsb\.tawk\.to
>
> so i will change it to the below?
>
> \.vsb\.tawk\.to$
>
> also before i made all the changes it was working ie when these lines
>
> http_access allow activation whitelist
>
> it was only allowing those ports and anything in the urlwhite list ie the
> non regex ssl one and everything else ie that wasnt in the whitelist it was
> blocking
>
> On Thu, 15 Jul 2021 at 14:02, Matus UHLAR - fantomas <uhlar at fantomas.sk>
> wrote:
>
>> On 15.07.21 13:54, robert k Wild wrote:
>> >ok this hasnt worked, its allowing all the internet now ie urls
>>
>> improper regular expressions probably.
>> Are you aware that regular expressions can match in the middle of string?
>> you will need to use $ at the end of line e.g.
>>
>> \.com$
>>
>> to match .com domains (which is also reason to avoid regexps when
>> posssible)
>>
>> >#HTTP_HTTPS whitelist websites
>> >acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"
>> >
>> >#HTTP_HTTPS whitelist websites regex
>> >acl whitelistreg ssl::server_name_regex
>> >"/usr/local/squid/etc/urlwhitereg.txt"
>>
>> >http_access allow activation
>>
>> this one should allow whole internet too.
>>
>> the standard squid config contains ACLs Safe_ports and SSL_ports along
>> with
>> directives to disallow using other ports, perhaps you should use those.
>>
>> >http_access allow whitelist
>> >http_access allow whitelistreg
>> >http_access deny all
>> >
>> >On Thu, 15 Jul 2021 at 13:43, robert k Wild <robertkwild at gmail.com>
>> wrote:
>> >
>> >> activation is an acl for ports, so
>> >>
>> >> acl activation port 80 443 8090 9251 # office adobe web
>> >>
>> >> On Thu, 15 Jul 2021 at 13:24, Matus UHLAR - fantomas <
>> uhlar at fantomas.sk>
>> >> wrote:
>> >>
>> >>> On 15.07.21 13:08, robert k Wild wrote:
>> >>> >#HTTP_HTTPS whitelist websites
>> >>> >acl whitelist ssl::server_name "/usr/local/squid/etc/urlwhite.txt"
>> >>> >
>> >>> >#HTTP_HTTPS whitelist websites regex
>> >>> >#acl whitelistreg ssl::server_name_regex
>> >>> >"/usr/local/squid/etc/urlwhitereg.txt"
>> >>> >
>> >>>
>> >>> you must split those to two lines, as all ACLs must match for
>> http_access
>> >>> line to match:
>> >>>
>> >>> http_access allow activation whitelist
>> >>> http_access allow activation whitelistreg
>> >>> http_access deny all
>> >>>
>> >>> I only can guess what "activation" means.
>> --
>> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
>> Warning: I wish NOT to receive e-mail advertising to this address.
>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
>> "Two words: Windows survives." - Craig Mundie, Microsoft senior strategist
>> "So does syphillis. Good thing we have penicillin." - Matthew Alton
>> _______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>>
>
>
> --
> Regards,
>
> Robert K Wild.
>


-- 
Regards,

Robert K Wild.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210716/5dac085c/attachment-0001.htm>


More information about the squid-users mailing list