dstdomain is for matching host names and domains. (.example.com is a
domain, www.example.com is a host)
dst is for matching IP addresses and destination networks. Any host
names listed in a dst ACL will be converted into IP addresses when
the configuration is parsed. If the IP address later changes the ACL
will no longer match.
Note: Many large sites have "dynamic" IP addresses, changing every
minute or so..
Regards
Henrik Nordström
On Monday 04 February 2002 02.55, philip.wolfe@centrelink.gov.au
wrote:
> I have an internal squid proxy running an ACL to allow users to
> access the internet.
>
> The line is pretty simple:
>
> acl stealth dstdomain "/opt/squid/etc/stealth.txt"
> acl stealthhost dst "/opt/squid/etc/stealthhost.txt"
> ...
> ...
> ...
> ...
> http_access allow stealth
> http_access allow stealthhost
>
> The contents of stealth.txt is some allowed domains, such as
> "gov.au". The contents of the stealthhost.txt file is simply a text
> list of URLs, such as "www.csit.tafe.net".
> This was working fine up today!
>
> For some reason, the ACL for stealthhost.text stopped working. The
> ACL for stealth.txt had not problem at all!
>
> I overcame it by simply creating a duplicate copy of
> "/opt/squid/etc/stealthhost.txt" and copy+paste the contents into a
> new file. I then added a new ACL line:
>
> acl stealthhosttest dst "/opt/squid/etc/stealthhost.txt.test"
> ...
> ...
> ...
> http_access allow stealthhosttest
>
> squid -k reconfigure
>
> Everything worked again.
>
> Why would squid do this?? Is this a know bug with any versions?
>
> I'd prefer to not disclose my squid version.
>
> Cheers.
-- MARA Systems AB, Giving you basic free Squid support Customized solutions, packaged solutions and priority support available on requestReceived on Tue Feb 12 2002 - 21:53:13 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:06:15 MST