Re: [squid-users] Allow all '.gov' sites

From: Michael Alger <squid_at_mm.quex.org>
Date: Thu, 31 Jul 2008 22:42:26 +0800

On Thu, Jul 31, 2008 at 07:16:19AM -0700, mesartwell wrote:
> I just setup a squid proxy server and have blocked all web access
> except for a whitelist of acceptable sites. On the whitelist I
> have .gov, which I intended to allow users to get to all sites
> ending in .gov. However this gives access to unintended sites,
> like 'www.screwthegovernment.com'. Is it possible to specify that
> .gov must be the top level domain? Thanks.

How did your implement your whitelist? The "dstdomain" ACL is
intended for matching domains and does what you want.

For all domains ending in .gov, the correct entry is: .gov

The leading "." indicates that subdomains are also acceptable;
without it, only the specified domain name is okay. For example,
"dstdomain whitehouse.gov" would allow access to
http://whitehouse.gov, but not http://www.whitehouse.gov.
Received on Thu Jul 31 2008 - 14:42:29 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 31 2008 - 12:00:05 MDT