RE: [squid-users] Blocking all IP sites

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 10 May 2005 22:59:54 +0200 (CEST)

On Tue, 10 May 2005, Chris Robertson wrote:

>> url_regex http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*
>
> I don't know if it would be less processor intensive, but
>
> url_regex http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}
>
> would be more accurate. :o)

Actually both are flawed in the same manner and can easily be bypassed.
The Internet URL syntax allows for additional parameters in front of the
host name.

A simple and effective pattern is

url_regex http://[^/]*\.[0-9]+(/|$)

or you could use the new squid-2.5.STABLE9-dstdomain_ip.patch which allows
you to match these in dstdom_regex

dstdom_regex \.[0-9]+$

(Note: this does not work in 2.5.STABLE9 and earlier).

Regards
Henrik
Received on Tue May 10 2005 - 14:59:56 MDT
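
An added example, not part of the original message or of Squid: a small regression check that runs the patterns from this thread over constructed sample URLs and lists the ones each pattern misclassifies. It assumes Python's `re` stands in for Squid's regex engine (these patterns behave the same in both), that `url_regex` is searched unanchored against the whole URL and `dstdom_regex` against the parsed host name only, and it writes the third pattern as `http://[^/]*\.[0-9]+(/|$)`; the dictionary keys and function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# url_regex patterns from the thread, searched unanchored against the full URL.
URL_PATTERNS = {
    "star": r"http://[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*",
    "bounded": r"http://[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}",
    "numeric_last_label": r"http://[^/]*\.[0-9]+(/|$)",
}
# dstdom_regex pattern from the thread (assumption: applied to the host name only).
DSTDOM_PATTERN = r"\.[0-9]+$"

# Constructed samples: (url, host is an IP literal). 192.0.2.0/24 is a documentation range.
SAMPLES = [
    ("http://192.0.2.10/", True),
    ("http://192.0.2.10", True),
    ("http://user@192.0.2.10/", True),       # extra parameter in front of the host name
    ("http://www.example.com/", False),
    ("http://1.2.3.4.example.com/", False),  # ordinary host name that starts with digits
]


def url_regex_hits(name, url):
    """True if the named url_regex pattern matches anywhere in the URL."""
    return re.search(URL_PATTERNS[name], url) is not None


def dstdom_regex_hits(url):
    """True if the dstdom_regex pattern matches the parsed host name."""
    host = urlsplit(url).hostname or ""
    return re.search(DSTDOM_PATTERN, host) is not None


def misclassified(matcher):
    """Sample URLs where the matcher's verdict differs from the expected one."""
    return [url for url, is_ip in SAMPLES if matcher(url) != is_ip]


def report():
    """Map each ACL pattern to the sample URLs it gets wrong."""
    results = {name: misclassified(lambda u, n=name: url_regex_hits(n, u))
               for name in URL_PATTERNS}
    results["dstdom_regex"] = misclassified(dstdom_regex_hits)
    return results


if __name__ == "__main__":
    for name, wrong in report().items():
        print(f"{name:20} misclassified: {wrong or 'none'}")
```

The two digit-only patterns miss the URL with a parameter in front of the host and also flag the ordinary host name; the last-label pattern and the host-based match classify all five samples correctly.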