[squid-users] ACL Question - (urlpath_regex OR url_regex)

From: Vadim Pushkin <wiskbroom@dont-contact.us>
Date: Tue, 16 Oct 2007 16:58:32 +0000

Hello All;

I have a rule which blocks the use of CONNECT based on the user calling an
IP address vs. FQDN; this works great!

I am able to specify allowed IP addresses by adding them into
/squid/etc/allow-ip-addresses.

I am in need of adding entire subnets, or parts of a network as well, which
I am unable to figure out.

I have within my squid.conf, the following:

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh

acl SSL_ports port 443

acl CONNECT method CONNECT

# Should I use dstdomain versus something else here?
acl allowed-CONNECT dstdomain "/squid/etc/allow-ip-addresses"

# When I use urlpath_regex, it allows *everything* through.
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny CONNECT numeric_IPs !allowed-CONNECT

Please help,

.vp
Received on Tue Oct 16 2007 - 10:58:43 MDT
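
Added example (not part of the original post): a simplified Python model of the two CONNECT deny lines above, showing why the same pattern under `urlpath_regex` never matches a CONNECT request, and how an allow list holding subnets is evaluated when it is matched as IP networks, as Squid's `dst` ACL type does. The networks, the function names and the reduction of Squid's matching to these few lines are assumptions made for illustration.

```python
import ipaddress
import re

# The numeric_IPs pattern from the post.
NUMERIC_IP = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

# Constructed allow list (documentation ranges): one host and one subnet.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/24")]
SSL_PORTS = {443}


def in_allowed_nets(host):
    """dst-style match: the host must be an IP literal inside an allowed network."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname; this model performs no DNS resolution
    return any(addr in net for net in ALLOWED_NETS)


def connect_decision(target, regex_acl="url_regex"):
    """Evaluate the post's two CONNECT deny lines for 'CONNECT host:port'."""
    host, _, port = target.rpartition(":")
    # url_regex is tested against the request URL, which for CONNECT is
    # "host:port". urlpath_regex is tested against the URL path only, and a
    # CONNECT request has no path, so the IP pattern can never match there.
    subject = target if regex_acl == "url_regex" else ""
    numeric = bool(NUMERIC_IP.match(subject))
    if int(port) not in SSL_PORTS:
        return "deny"   # http_access deny CONNECT !SSL_ports
    if numeric and not in_allowed_nets(host):
        return "deny"   # http_access deny CONNECT numeric_IPs !allowed-CONNECT
    return "pass"       # not denied by these two lines; later rules decide


if __name__ == "__main__":
    for t in ("203.0.113.5:443", "198.51.100.77:443", "example.com:443"):
        print(t, connect_decision(t), connect_decision(t, "urlpath_regex"))
```

With `urlpath_regex` the `numeric_IPs` ACL is always false in this model, so the third deny line never fires, which matches the "allows *everything* through" symptom described in the post.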
