Mario Sergio Fujikawa Ferreira wrote:
> acl peers srcdomain proxy4.pop-df.rnp.br cache.cr-df.rnp.br
> acl neighbors srcdomain proxy2-bsb.gns.com.br
These should use src ACL and not srcdomain. The src domain accepts FQDN
names as well as dotted IP even if squid.conf does not mention it.
srcdomain works in a slightly different way and the intended use is when
you want to give a whole domain certain rights/restrictions. Here squid
does a reverse lookup of the known IP and then maches the returned
domainname.
A warning on the srcdomain ACL: Squid does not try to validate the
returned domainname and can easily be fooled by anyone with control over
a DNS server. Dont use srcdomain ACL to protect your Squid; always use
the IP based src ACL for protection.
--- Henrik NordströmReceived on Tue May 19 1998 - 15:09:26 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:14 MST