Re: [squid-users] R: [squid-users] Blocking sites on IP address

From: Allan Lyons <lyonsa@dont-contact.us>
Date: Mon, 7 Jan 2002 12:43:10 -0700

On 7 Jan 2002 at 14:11, Boniforti Flavio wrote:

> I've got a list of forbidden sites, done this way:
>
> .sitename.com
> .sitenam2.com
> subsite.site.com
>
> and so on...
>
> Now, the ACL line reads "dstdomain". Is it true that in this way I
> would be able to connect to the "blocked" sites by using their IP
> address???

The short answer is maybe. With name-based virtual hosting, there might be many
web sites that share the same IP address. The server "knows" which site to return
since the site name is supposed to be included with the request. If this is the case with
the site you are trying to block, then the site won't normally be reachable by using the
IP since the server won't know which site the user is trying to access. (In this case,
Apache seems to default to the first site found in its config file.)

On the other hand, more popular sites will have multiple IPs with the same name since
there are multiple servers. If you are trying to block one of these by IP number, you will
have to make sure that you include all of the IP numbers. For example, today
www.cnn.com and www.hotmail.com both have 6 IP numbers each.

Allan.
Received on Mon Jan 07 2002 - 12:43:32 MST
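
The two points in the reply above, as an added example that is not part of the original message and is not Squid code: a name list does not match a URL whose host is an address literal, and an IP list only helps if it covers every address the name resolves to. It assumes a simplified host-text matching rule and ignores any DNS lookups a real proxy performs; the function names, the IP list and the resolver answers (documentation range 192.0.2.0/24) are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Domain entries copied from the question; all IP data below is constructed
# (documentation range 192.0.2.0/24), not real addresses of any site.
BLOCKED_DOMAINS = [".sitename.com", ".sitenam2.com", "subsite.site.com"]
BLOCKED_IPS = {"192.0.2.10", "192.0.2.11"}
RESOLVED = {"www.sitename.com": ["192.0.2.10", "192.0.2.11", "192.0.2.12"]}

def ip_literal(host):
    """Return the normalized IP if host is an address literal, else None."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None

def domain_listed(host, entries=BLOCKED_DOMAINS):
    """Assumed matching rule: '.x.com' covers x.com and its subdomains,
    an entry without a leading dot covers only that exact host name."""
    for entry in entries:
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def decide(url):
    """Hypothetical filter decision based only on the host text in the URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    ip = ip_literal(host)
    if ip is not None:
        # A name list cannot match the text of an address; only the IP list can.
        return "deny-ip" if ip in BLOCKED_IPS else "allow"
    return "deny-domain" if domain_listed(host) else "allow"

def uncovered_ips(name):
    """Addresses the name resolves to that the IP list does not yet include."""
    return sorted(set(RESOLVED.get(name, [])) - BLOCKED_IPS)

if __name__ == "__main__":
    for url in ("http://www.sitename.com/", "http://subsite.site.com/a",
                "http://192.0.2.10/", "http://192.0.2.12/"):
        print(url, "->", decide(url))
    print("missing from IP list:", uncovered_ips("www.sitename.com"))
```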
