Re: [squid-users] ACL and http_access Confusion

From: Vadim Pushkin <wiskbroom@dont-contact.us>
Date: Thu, 05 Jul 2007 19:25:18 +0000

>From: Emilio Casbas <ecasbas@unav.es>

>Vadim Pushkin wrote:
>>Hello;
>>
>>I have an ACL which contains IP addresses that I want to allow outbound
>>requests to.
>>
>>acl allowed_IPs dstdomain "/net/squid/allowed-IP-Dests"
>>
>>I have another ACL which is intended to capture all destinations which use
>>an IP address versus FQDN, which one of these two is correct for this
>>purpose?
>>
>>acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>>or
>>acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>>
>>Finally, I want to deny all outbound requests to ACL numeric IP's (IP
>>addresses only), *unless* the requested IP address is contained in my ACL
>>"allowed_IPs".
>>
>>Would the below work for this?
>>
>>http_access deny CONNECT numeric_IPs !allowed_IPs
>>
>
>If you are going to use it in CONNECT you have to use dstdom_regex.
>CONNECT only has hostname and port.
>
>Emilio C.

So, replace

acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

with

acl numeric_IPs dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

and

will this work?

http_access deny CONNECT numeric_IPs !allowed_IPs
Received on Thu Jul 05 2007 - 13:25:27 MDT
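
An added illustration, not part of the original post and not Squid's own code: a simplified Python model of which string urlpath_regex and dstdom_regex test, applied to constructed requests with the pattern from the thread. The `ANCHORED` variant, the helper names and the sample hosts are assumptions introduced here, and the model does no DNS lookups.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as posted in the thread (no trailing anchor).
POSTED = r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+"
# Assumption: a stricter, end-anchored variant that is not from the thread.
ANCHORED = POSTED + r"$"


def acl_inputs(method, target):
    """Return the string a simplified model hands to each ACL type."""
    if method == "CONNECT":
        # CONNECT carries only host:port, so there is no URL path to test.
        host, _, _port = target.rpartition(":")
        return {"dstdom_regex": host, "urlpath_regex": ""}
    parts = urlsplit(target)
    return {"dstdom_regex": parts.hostname or "", "urlpath_regex": parts.path}


def matches(acl_type, pattern, method, target):
    """True if the pattern matches the string that ACL type would see."""
    return re.search(pattern, acl_inputs(method, target)[acl_type]) is not None


# Constructed sample requests (documentation address range and names).
SAMPLES = [
    ("CONNECT", "192.0.2.10:443"),
    ("CONNECT", "www.example.com:443"),
    ("CONNECT", "192.0.2.10.example.com:443"),
    ("GET", "http://192.0.2.10/index.html"),
]


def report():
    """One row per sample: urlpath/posted, dstdom/posted, dstdom/anchored."""
    return [
        (method, target,
         matches("urlpath_regex", POSTED, method, target),
         matches("dstdom_regex", POSTED, method, target),
         matches("dstdom_regex", ANCHORED, method, target))
        for method, target in SAMPLES
    ]


if __name__ == "__main__":
    print("method  target                          urlpath dstdom anchored")
    for method, target, up, dd, anchored in report():
        print(f"{method:7} {target:31} {up!s:7} {dd!s:6} {anchored}")
```

In this model the posted pattern never matches as a urlpath_regex, and as a dstdom_regex it also matches the hostname `192.0.2.10.example.com` because it has no trailing `$`.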
