Re: [squid-users] squid.conf not blocking sites....

From: Christoph Haas <email@dont-contact.us>
Date: Wed, 25 Jan 2006 23:05:00 +0100

On Wednesday 25 January 2006 22:34, Mark Elsen wrote:
> > Don't you rather want to use "dst" instead of "dstdomain"?
>
> From the FAQ on Access Controls :
>
> # dst: destination (server) IP addresses
> ^^^^^^^^^^^^^^^^^^^^
> # myip: the local IP address of a client's connection
> # srcdomain: source (client) domain name
> # dstdomain: destination (server) domain name

Admitted - it makes a difference. But most of the time when people want to
make an ACL point to a certain host they use 'dst'. Even though the IP
address is checked host names are still resolved.

And www.badsite.com looks suspiciously like a host entry. :)

Besides the (2.4) documentation on how to use dstdomain and when "*.domain"
or just "domain" needs to be used is not quite precise.

 Christoph

-- 
Never trust a system administrator who wears a tie and suit.
Received on Wed Jan 25 2006 - 15:05:15 MST

This archive was generated by hypermail pre-2.1.9 : Wed Feb 01 2006 - 12:00:01 MST