On Wed, 12 Jul 2000, squidinfo wrote:
> Hi,
>
> Is there any way by which we can force squid to do a reverse DNS lookup
> on every connection? Thus if I send a request to the proxy server, it
> should perform a reverse lookup on that IP. If it does not find a DNS
> entry for that IP, then the connection must be refused. I want this
> because certain people spoof their IPs to unassigned IPs to browse
> restricted sites. This makes it impossible to trace the offender.

Hi,

You can do this through ACLs. You can create something like this:

    acl ALLOWED srcdomain PC1.your.domain.whatever \
        PC2.your.domain.whatever \
        PC3.your.domain.whatever \
        ...
    acl all src 0.0.0.0/0.0.0.0
    http_access allow ALLOWED
    http_access deny all

This will perform a DNS lookup on every request, and if the requesting
PC's name doesn't coincide with the reported IP, the connection is denied.

I use this configuration in the University where I work, just to
block unauthorized internet connections, and it works OK.

The only thing you should need is a little script to easily add/remove
PCs from the ACLs. :-)

Regards
Javier
/* ------------------------------------------------------------------------ */
Javier E. Bértoli | Centro de Telemática
| Universidad Nacional del Litoral
jbertoli@unl.edu.ar | Santa Fe - Argentina
/* ------------------------------------------------------------------------ */
"...remember when your father used to tell you: "it is better to give too much";
when you swore to the stars that night that you would be the same..."
(D. Torres)
Received on Wed Jul 12 2000 - 05:34:22 MDT
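
The decision described in the reply above (reverse lookup of the client IP, deny when there is no name or the name is not listed), modeled as an added example that is not part of the original post and is not Squid's code. It matches exact names only; the forward-confirmation step, the function names and the sample addresses and records are assumptions made for illustration.

```python
import socket

def reverse_lookup(ip):
    """Return the PTR name for ip, or None when there is no reverse entry."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(name):
    """Return the set of addresses that name resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def normalize(name):
    # DNS names are case-insensitive; a trailing dot only marks the root.
    return name.rstrip(".").lower()

def check_client(ip, allowed, reverse=reverse_lookup, forward=forward_lookup,
                 forward_confirm=True):
    """Return (allowed?, reason) for a client IP against a list of host names."""
    name = reverse(ip)
    if name is None:
        return False, "no PTR record"
    name = normalize(name)
    if name not in {normalize(a) for a in allowed}:
        return False, "PTR name %s not in ACL" % name
    # Assumed extra check: the PTR name must resolve back to the same IP.
    if forward_confirm and ip not in forward(name):
        return False, "%s does not resolve back to %s" % (name, ip)
    return True, name

# Constructed sample data: documentation-range addresses, made-up records.
SAMPLE_PTR = {"192.0.2.10": "PC1.your.domain.whatever.",
              "192.0.2.11": "pc9.your.domain.whatever",
              "192.0.2.12": "pc2.your.domain.whatever"}
SAMPLE_A = {"pc1.your.domain.whatever": {"192.0.2.10"},
            "pc2.your.domain.whatever": {"192.0.2.99"}}
SAMPLE_ALLOWED = ["PC1.your.domain.whatever", "PC2.your.domain.whatever"]

def check_sample(ip):
    """Run check_client against the constructed records, with no network use."""
    return check_client(ip, SAMPLE_ALLOWED, reverse=SAMPLE_PTR.get,
                        forward=lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, check_sample(ip))
```

Called without the `reverse` and `forward` arguments, `check_client` uses the system resolver instead of the constructed records.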