Re: ACL domain based [Q]

From: Leong Tiang Wah <>
Date: Tue, 3 Sep 1996 20:30:31 +0800 (SST)

On Tue, 27 Aug 1996, Duane Wessels wrote:

> writes:
> >Is this a FAQ quest ? i have to setup an acl based on domain;
> >it's to busy for me to set an acl based on ip 'case my domain
> >has too many networks inside.
> Its supported in 1.1.alpha, but not 1.0. You can specify
> acl FOO srcdomain
> Your users will probably notice some additional delay since a
> DNS query occurs before the request proceeds too far.
> Note 1.1.alpha still has some bugs which can cause it to coredump
> a couple times per day.
> Duane W.

I got a somehow related question. I notice by adding a trailing dot at the
end of hostname of URL can actually bypass the following ACLs. The DNS
lookup does return a valid IP address since it is a fully-qualified domain

case 1 :
case 2 :
Case 1
acl Block_Site1 domain
http_access deny Block_Site1

Case 2
acl Block_Site2 url_regex
http_access deny Block_Site2

I guess Squid should 'chop off' the trailing dot before comparing it with
the ACLs.

Leong Tiang Wah Email :
Computer Centre Fax : (65)467-5424
Ngee Ann Polytechnic
Received on Tue Sep 03 1996 - 05:32:38 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:32:55 MST