Re: [squid-users] configuring acl for blocking (URLs and IPs/Subnets)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 15 Oct 2013 21:15:09 +1300

On 15/10/2013 8:28 p.m., Sachin Gupta wrote:
> Thanks Amos.
>
> For handling subnets, do I need to create a separate ACL? Or can it be
> clubbed in the list of IPs?
>
> acl aclname dst [-n] ip-address/mask
> OR
>
> acl aclname dst "subnets_file"

The format is start-finish/mask, with finish and mask both being
optional. So...

acl foo dst 192.0.2.1
acl foo dst 192.0.2.20-192.0.2.24
acl foo dst 192.0.2.128-192.0.2.192/25
acl foo dst 192.0.2.192/27

are all valid entries. As are any IPv6 addresses in the same format.

> The documentation http://www.squid-cache.org/Doc/config/acl/ mentions
> that this is a slow acl.
> How does this work actually? Is it so that for each request, a DNS
> query is done and matched against this acl?

Yes. Exactly that reason.

Amos
Received on Tue Oct 15 2013 - 08:15:21 MDT
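
Added example, not part of the original message and not Squid's own code: a small Python checker for the start-finish/mask entry format described above, useful for validating a blocklist file before loading it. It assumes the mask is applied to both range endpoints and to the candidate address before comparison; the names parse_dst_entry, dst_matches and ENTRIES are hypothetical.

```python
import ipaddress

# The four entries from the reply above, as they could sit in one ACL or file.
ENTRIES = [
    "192.0.2.1",
    "192.0.2.20-192.0.2.24",
    "192.0.2.128-192.0.2.192/25",
    "192.0.2.192/27",
]

def parse_dst_entry(entry):
    """Parse 'start[-finish][/mask]' into (version, low, high, mask) integers."""
    addr_part, _, mask_part = entry.strip().partition("/")
    start_s, _, finish_s = addr_part.partition("-")
    start = ipaddress.ip_address(start_s)
    finish = ipaddress.ip_address(finish_s) if finish_s else start
    if start.version != finish.version:
        raise ValueError(f"mixed IPv4/IPv6 range: {entry!r}")
    if int(finish) < int(start):
        raise ValueError(f"range end precedes start: {entry!r}")
    # Accept a prefix length or a dotted netmask; no mask means a host mask.
    zero = "0.0.0.0" if start.version == 4 else "::"
    net = ipaddress.ip_network(f"{zero}/{mask_part or start.max_prefixlen}")
    mask = int(net.netmask)
    # Assumption: the mask is applied to both endpoints of the range.
    return start.version, int(start) & mask, int(finish) & mask, mask

def dst_matches(entries, ip):
    """Return True if the destination IP falls inside any entry."""
    cand = ipaddress.ip_address(ip)
    for entry in entries:
        version, low, high, mask = parse_dst_entry(entry)
        if version == cand.version and low <= (int(cand) & mask) <= high:
            return True
    return False

if __name__ == "__main__":
    for probe in ("192.0.2.1", "192.0.2.22", "192.0.2.25", "192.0.2.200"):
        print(probe, dst_matches(ENTRIES, probe))
```

Single addresses, ranges and masked subnets all go through the same parser here, which mirrors the point of the reply that they can share one ACL name.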
