Re: ACL domain based [Q]

From: Leong Tiang Wah <ltw1@dont-contact.us>
Date: Tue, 3 Sep 1996 20:30:31 +0800 (SST)

On Tue, 27 Aug 1996, Duane Wessels wrote:

> gulli@calpar.cnuce.cnr.it writes:
>
> >Is this a FAQ question? I have to set up an acl based on domain;
> >it's too busy for me to set an acl based on ip 'cause my domain
> >has too many networks inside.
>
> It's supported in 1.1.alpha, but not 1.0. You can specify
>
> acl FOO srcdomain cnuce.cnr.it
>
> Your users will probably notice some additional delay since a
> DNS query occurs before the request proceeds too far.
>
> Note 1.1.alpha still has some bugs which can cause it to coredump
> a couple times per day.
>
> Duane W.
>
>

I have a somewhat related question. I notice that adding a trailing dot at
the end of the hostname of a URL can actually bypass the following ACLs. The
DNS lookup does return a valid IP address since it is a fully-qualified
domain name.

case 1 : http://www.playboy.com.
case 2 : http://www.playboy.com./~sex
 
Case 1
######
acl Block_Site1 domain www.playboy.com
http_access deny Block_Site1

Case 2
######
acl Block_Site2 url_regex www.playboy.com/~sex
http_access deny Block_Site2

I guess Squid should 'chop off' the trailing dot before comparing it with
the ACLs.

Regards,
_______________________________________________________________________
Leong Tiang Wah Email : ltw1@np.ac.sg
Computer Centre Fax : (65)467-5424
Ngee Ann Polytechnic
Received on Tue Sep 03 1996 - 05:32:38 MDT
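
The normalization suggested in the message above, as an added example that is not part of the original message and is not Squid's code: a Python sketch that strips the trailing root dot from the request hostname before the domain and url_regex comparisons. The function names are hypothetical; the two ACL values are the ones given in the message.

```python
import re
from urllib.parse import urlsplit, urlunsplit

BLOCKED_DOMAINS = {"www.playboy.com"}                    # Case 1 ACL value
BLOCKED_URL_RE = re.compile(r"www\.playboy\.com/~sex")   # Case 2, dots escaped

def normalize_host(host):
    """Lower-case and drop trailing root dot(s): 'a.b.' and 'a.b' name one host."""
    return host.rstrip(".").lower()

def normalize_url(url):
    """Rebuild the URL around the normalized hostname (userinfo is dropped)."""
    parts = urlsplit(url)
    host = normalize_host(parts.hostname or "")
    if ":" in host:                      # IPv6 literal: restore the brackets
        host = f"[{host}]"
    netloc = host if parts.port is None else f"{host}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))

def domain_acl(url, normalize):
    """Exact-match domain rule; True means the request is denied."""
    host = urlsplit(url).hostname or ""
    if normalize:
        host = normalize_host(host)
    return host in BLOCKED_DOMAINS

def url_regex_acl(url, normalize):
    """Regex rule over the whole URL; True means the request is denied."""
    if normalize:
        url = normalize_url(url)
    return bool(BLOCKED_URL_RE.search(url))

if __name__ == "__main__":
    # The two URLs from the message, plus their dot-free forms.
    for url in ("http://www.playboy.com", "http://www.playboy.com.",
                "http://www.playboy.com/~sex", "http://www.playboy.com./~sex"):
        print(f"{url:32} domain raw={domain_acl(url, False)!s:5} "
              f"norm={domain_acl(url, True)!s:5} "
              f"regex raw={url_regex_acl(url, False)!s:5} "
              f"norm={url_regex_acl(url, True)}")
```
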
