Re: [squid-users] configuring acl for blocking (URLs and IPs/Subnets)

From: Amos Jeffries <>
Date: Tue, 15 Oct 2013 21:15:09 +1300

On 15/10/2013 8:28 p.m., Sachin Gupta wrote:
> Thanks Amos.
> For handling subnets, do i need to create a separate ACL? or it can be
> clubbed in the list of IPs?
> acl aclname dst [-n] ip-address/mask
> OR
> acl aclname dst "subnets_file"

The format is start-finish/mask. With finish and mask both being
optional. So...

acl foo dst
acl foo dst
acl foo dst
acl foo dst

are all valid entries. As are any IPv6 addresses in the same format.

> The documentation mentions
> that this is a slow acl.
> How does this work actually? Is it so that for each request, a dns
> query is done and matched against this acl?

Yes. Exactly that reason.

Received on Tue Oct 15 2013 - 08:15:21 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 15 2013 - 12:00:06 MDT