Re: [squid-users] Re: Re: [squid-users] Unwanted DNS lookups?

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 17 Mar 2005 03:00:44 +0100 (CET)

On Wed, 16 Mar 2005 newsgroups.mail2@stefanbaur.de wrote:

> Okay, so it seems I'm using the wrong ACL type, but which one would be
> right?

Which kind of acl to use depends on what data you have.

In most whitelist situations you need to use both dstdomain and dst acls
for different portions of the whitelist.

> IOW, I don't need the functionality that squid checks if the DNS name a
> user entered matches the IP in this list, I only need to check if the IP
> entered by the user is one of the IPs in this list. Would I have to use
> regular expressions for that, or is there a simpler way?

The best would be to combine a regex matching "any IP" with a dst acl
having the IP whitelist. This is to ensure the IP-based ACL is only used when
the user actually requested an IP.

I posted a regex for "requested by IP" matching some days ago.

> Also, what I don't understand is why a DNS server that doesn't know the
> queried IP/DNS, and also doesn't know which other DNS servers to ask,
> still speeds up the process.

Because it sends a negative response relatively quickly. If not, Squid will
keep on retransmitting the DNS lookup for some time before giving up.

Regards
Henrik
Received on Wed Mar 16 2005 - 19:01:06 MST
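
The combination described in the reply above, as an added squid.conf example that is not part of the original post. The regex is a constructed stand-in (the one the message refers to is not on this page), and the addresses, domains and ACL names are placeholder assumptions.

```conf
# Added example, not from the original message. All addresses, domains,
# ACL names and the regex below are constructed for illustration.

# Matches only when the request names the host as a dotted-quad IPv4 literal,
# e.g. http://192.0.2.10/ or CONNECT 192.0.2.10:443. This is a pure string
# match on the URL, so evaluating it needs no DNS.
acl by_ip url_regex -i ^([a-z]+://)?[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(:[0-9]+)?(/|$)

# IP portion of the whitelist.
acl ok_ips dst 192.0.2.10 198.51.100.0/24

# Name portion of the whitelist.
acl ok_names dstdomain .example.com .example.org

# ACLs on one http_access line are ANDed and checked left to right, stopping
# at the first mismatch. by_ip comes first, so dst is only consulted when the
# user requested an IP and never causes a forward lookup of a hostname.
http_access allow by_ip ok_ips

# !by_ip comes first, so dstdomain is only consulted for hostname requests
# and never causes a reverse lookup of a requested IP.
http_access allow !by_ip ok_names

# Anything not explicitly whitelisted is refused.
http_access deny all
```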
