Re: Peering with 1.2b20 (Cont.)

From: Henrik Nordstrom <>
Date: Tue, 19 May 1998 23:58:18 +0200

Mario Sergio Fujikawa Ferreira wrote:

> acl peers srcdomain
> acl neighbors srcdomain

These should use src ACL and not srcdomain. The src domain accepts FQDN
names as well as dotted IP even if squid.conf does not mention it.

srcdomain works in a slightly different way and the intended use is when
you want to give a whole domain certain rights/restrictions. Here squid
does a reverse lookup of the known IP and then maches the returned

A warning on the srcdomain ACL: Squid does not try to validate the
returned domainname and can easily be fooled by anyone with control over
a DNS server. Dont use srcdomain ACL to protect your Squid; always use
the IP based src ACL for protection.

Henrik Nordström
Received on Tue May 19 1998 - 15:09:26 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:40:14 MST