Hi Sven;
I am unable to use:
acl allowed-CONNECT dst 192.168.0.0/24
Well, I could, but then I would have to add one for each host and or subnet
in my list, far too inefficient.
>squid will not see URLs at all during SSL traffic, so url_regex will not
>work.
Yes, since it is in the URL, it *will* see this. In fact, it does and it
works with url_regex right now.
The problem that I am having is that I need to maintain a list, defined
below, which can use either wildcards or something else that would allow me
to state subnets.
Thanks all in advance, this is getting frustrating for me :-(
.vp
Vadim Anatoly Pushkin
-- The Ukranian Stallion --
>From: "Sven Frommholz - Konexxo GmbH" <sven.frommholz@konexxo.de>
>
>Vadim Pushkin wrote
> > Hello All;
> >
> > I have a rule which blocks the use of CONNECT based on the
> > user calling an
> > IP address vs. FQDN, this works great!
> >
> > I am able to specify allowed IP addresses by adding them into
> > /squid/etc/allow-ip-addresses.
> >
> > I am in need of adding entire subnets, or parts of a network
> > as well, which
> > I am unable to figure out.
> >
> > I have within my squid.conf, the following:
> >
> > acl Safe_ports port 80 # http
> > acl Safe_ports port 21 # ftp
> > acl Safe_ports port 22 # ssh
> >
> > acl SSL_ports port 443
> >
> > acl CONNECT method CONNECT
> >
> > # Should I use dstdomain versus something else here?
> > acl allowed-CONNECT dstdomain "/squid/etc/allow-ip-addresses"
> >
> > # When I use urlpath_regex, it allows *everything* through.
> > acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
> >
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > http_access deny CONNECT numeric_IPs !allowed-CONNECT
> >
> > Please help,
> >
> > .vp
>
>squid will not see URLs at all during SSL traffic, so url_regex will not
>work.
>Try "acl allowed-CONNECT dst 192.168.0.0/24" for subnets.
>
>Sven
Received on Wed Oct 17 2007 - 08:12:07 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Nov 01 2007 - 13:00:01 MDT