lör 2007-04-28 klockan 20:35 -0700 skrev Chuck Kollars:
> I want to block a whole bunch of https: proxies. I
> don't need to find them or to understand them - just
> block them. I already have a list of them (thanks to
> urlblacklist.com and DansGuardian).
Then block them. Provided the traffic is sent via Squid to begin with.
What is a no-dice is to have Squid deny traffic which is not even sent
via Squid. I'e if you run a transparent interception setup, not having
the browsers configured to use the proxy.
> acl proxy dstdomain "file_blacklist_of_proxies.txt"
> http_access deny proxy
This needs to go before where you allow traffic.
> 2) Is the problem that the size of the blacklist might
> be very large (~10,000) and performance suffers so
> much this is unworkable?
10000 is quite fine for dstdomain.
> Help me understand.
Help me understand in what context I said this was not possible.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT