> On Mon, 12 Sep 2005, Matus UHLAR - fantomas wrote:
>
> >however, currently I'm not able to differ if someone entered an this IP (or
> >hostname pointing to this IP) or an invalid hostname, and give people
> >different error messages.
On 14.09 01:30, Henrik Nordstrom wrote:
> The first (explicitly entered) can be matched using dstdomain in
> 2.5.STABLE10.
actually yes, but I consider this as workaround. I also filled a bug
according to your next mail (and my original request too):
http://www.squid-cache.org/bugs/show_bug.cgi?id=1394
> >I probably could make an exemption in denying 240.0.0.0/4 or allow
> >accessing 255.255.255.255, but I found this sick...
>
> Removing the use of 255.255.255.255 from he dst acl is trivial. In acl.c
> look for ACL_DST_IP in aclMatchAcl, and at the end of it's block replace
>
> return aclMatchIp(&ae->data, no_addr);
>
> with simply
>
> return 0;
>
> this will make dst acls always false if the destination IP can not be
> resolved (there is no IP to match the acl against, so it can't be true..)
Thanks, I think I'll patch the squid manually now.
> Then to match invalid hosts you can use
>
> acl all_destinations dst 0.0.0.0/0
> http_access deny !all_destinations
good to know, when I'll set up multilanguage error messages :)
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Microsoft dick is soft to do no harmReceived on Wed Sep 14 2005 - 04:02:27 MDT
This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:03 MDT