[squid-users] Can Anyone Help Me Re: [squid-users] ACL Question - (urlpath_regex OR url_regex)

From: Vadim Pushkin <wiskbroom@dont-contact.us>
Date: Wed, 17 Oct 2007 21:18:45 +0000

Thanks,

.vp

>From: "Vadim Pushkin" <wiskbroom@hotmail.com>
>To: sven.frommholz@konexxo.de

>Hi Sven;
>
>I am unable to use:
>
>acl allowed-CONNECT dst 192.168.0.0/24
>
>Well, I could, but then I would have to add one for each host and/or subnet
>in my list, far too inefficient.
>
>>squid will not see URLs at all during SSL traffic, so url_regex will not
>>work.
>
>Yes, since it is in the URL, it *will* see this. In fact, it does and it
>works with url_regex right now.
>
>The problem that I am having is that I need to maintain a list, defined
>below, which can use either wildcards or something else that would allow me
>to state subnets.
>
>Thanks all in advance, this is getting frustrating for me :-(
>
>.vp
>
>
>
> Vadim Anatoly Pushkin
>-- The Ukrainian Stallion --
>
>
>>From: "Sven Frommholz - Konexxo GmbH" <sven.frommholz@konexxo.de>
>
>>
>>Vadim Pushkin wrote
>> > Hello All;
>> >
>> > I have a rule which blocks the use of CONNECT based on the
>> > user calling an
>> > IP address vs. FQDN, this works great!
>> >
>> > I am able to specify allowed IP addresses by adding them into
>> > /squid/etc/allow-ip-addresses.
>> >
>> > I am in need of adding entire subnets, or parts of a network
>> > as well, which
>> > I am unable to figure out.
>> >
>> > I have within my squid.conf, the following:
>> >
>> > acl Safe_ports port 80 # http
>> > acl Safe_ports port 21 # ftp
>> > acl Safe_ports port 22 # ssh
>> >
>> > acl SSL_ports port 443
>> >
>> > acl CONNECT method CONNECT
>> >
>> > # Should I use dstdomain versus something else here?
>> > acl allowed-CONNECT dstdomain "/squid/etc/allow-ip-addresses"
>> >
>> > # When I use urlpath_regex, it allows *everything* through.
>> > acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>> >
>> > http_access deny !Safe_ports
>> > http_access deny CONNECT !SSL_ports
>> > http_access deny CONNECT numeric_IPs !allowed-CONNECT
>> >
>> > Please help,
>> >
>> > .vp
>>
>>squid will not see URLs at all during SSL traffic, so url_regex will not
>>work.
>>Try "acl allowed-CONNECT dst 192.168.0.0/24" for subnets.
>>
>>Sven
>
>
Received on Wed Oct 17 2007 - 15:18:57 MDT
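
The rule discussed in this thread, `http_access deny CONNECT numeric_IPs !allowed-CONNECT`, modelled in Python as an added example (not code from any poster and not Squid's own implementation). It assumes the allow-list file holds one host address or CIDR subnet per line, that `url_regex` is tested against the CONNECT target `host:port`, and that `urlpath_regex` is tested against an empty path for CONNECT; the list contents, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Same pattern as the numeric_IPs ACL in the quoted squid.conf.
NUMERIC_IP = re.compile(r"^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+")

# Constructed allow-list contents: single hosts and CIDR subnets, one per line.
ALLOW_LIST = """\
# hosts
10.1.2.3
# subnets
192.168.0.0/24
172.16.8.0/22
"""

def load_networks(text):
    """Parse one address or CIDR block per line; skip blanks and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=True))
    return nets

def connect_denied(target, networks, match_on="url"):
    """Model 'http_access deny CONNECT numeric_IPs !allowed-CONNECT'.

    target is the CONNECT request target, "host:port".
    match_on="url" models url_regex (tested against "host:port");
    match_on="path" models urlpath_regex (assumed: CONNECT has an empty path).
    """
    subject = target if match_on == "url" else ""
    if not NUMERIC_IP.search(subject):
        return False  # numeric_IPs did not match, so this deny rule is skipped
    host = target.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # looks numeric but is not a valid address: not allow-listed
    return not any(addr in net for net in networks)

if __name__ == "__main__":
    nets = load_networks(ALLOW_LIST)
    for t in ("192.168.0.77:443", "203.0.113.9:443", "www.example.com:443"):
        print(t, "denied" if connect_denied(t, nets) else "not denied by this rule")
```

With `match_on="path"` the deny rule never fires, which matches the "allows *everything* through" comment in the quoted configuration.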
