Re: [squid-users] configuring acl for blocking (URLs and IPs/Subnets)

From: Sachin Gupta <chingupt_at_gmail.com>
Date: Tue, 15 Oct 2013 12:58:53 +0530

Thanks Amos.

For handling subnets, do I need to create a separate ACL? Or can it be
clubbed in the list of IPs?

acl aclname dst [-n] ip-address/mask
OR

acl aclname dst "subnets_file"

The documentation http://www.squid-cache.org/Doc/config/acl/ mentions
that this is a slow acl.
How does this work actually? Is it so that for each request, a DNS
query is done and matched against this acl?

Regards

On Tue, Oct 15, 2013 at 9:44 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 15/10/2013 4:59 p.m., Sachin Gupta wrote:
>>
>> Hi All,
>>
>> I have setup a list of URLs and IPs dumped into a file which need to
>> be blocked.
>> acl is setup as per documentation:
>
>
> ??
>
>
>> However, upon testing, the IPs are not getting blocked. Also there are
>> some subnets in the same file. Those are also not getting blocked.
>>
>> Is there a special handling required here? or this approach is
>> incorrect for blocking IPs or subnets?
>
>
> Based on the description I guess you have one file with a mix of things to
> block on.
> You need the file to be separated into different sets of properties.
>
> For example:
> * one list of IPs
> * one list of domains
> * one list of full-URL regex patterns
> * one list of path-only regex patterns
>
> Each set needs to be configured as a different ACL name and type defining
> what property of the transaction is to be tested against the values listed in
> that set.
> Then the http_access controls designed to test the ACLs and determine
> whether it gets allowed/denied when the ACL matches.
>
> More details can be found at http://wiki.squid-cache.org/SquidFaq/SquidAcl.
>
> Amos
Received on Tue Oct 15 2013 - 07:29:00 MDT
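
An added example, not part of the original thread and not Squid project code: one way to split a mixed blocklist into the four sets Amos lists and emit one ACL per set. The sample entries, the `block_*` ACL names, the `/etc/squid/blocklists` directory and the classification rules are assumptions made for illustration; single IPs and CIDR subnets go into the same `dst` list.

```python
import ipaddress
import re

# Constructed sample of a mixed blocklist like the one described in the thread.
SAMPLE = """\
# mixed entries, one per line
192.0.2.15
198.51.100.0/24
.example.com
bad.example.net
http://example.org/ads/banner.gif
^/tracking/
"""

def classify(entry):
    """Return the Squid ACL type whose tested property fits this entry."""
    try:
        # Accepts both a single address and an address/mask subnet.
        ipaddress.ip_network(entry, strict=False)
        return "dst"
    except ValueError:
        pass
    if "://" in entry:
        return "url_regex"        # full URL
    if entry.startswith(("/", "^/")):
        return "urlpath_regex"    # path-only pattern
    return "dstdomain"            # anything else is treated as a domain

def split_blocklist(text):
    """Group entries by ACL type, skipping blanks and # comment lines."""
    sets = {"dst": [], "dstdomain": [], "url_regex": [], "urlpath_regex": []}
    for line in text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            continue
        kind = classify(entry)
        if kind == "url_regex":
            # Assumption: literal URLs become anchored, escaped regexes.
            entry = "^" + re.escape(entry)
        sets[kind].append(entry)
    return sets

def squid_conf(sets, directory="/etc/squid/blocklists"):
    """Emit one acl plus one http_access deny per non-empty set."""
    lines = []
    for kind, entries in sets.items():
        if entries:
            lines.append(f'acl block_{kind} {kind} "{directory}/{kind}.txt"')
            lines.append(f"http_access deny block_{kind}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(squid_conf(split_blocklist(SAMPLE)))
```

Each list in the returned dictionary is meant to be written to its own file, one entry per line, and the generated `http_access deny` lines need to sit above the `http_access allow` rules they should override.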
