I had to deny access from all the machines whose FQDN matches "foo.{5}\.myorg\.fr".
I had a problem with Squid ACLs because I can't reduce the IP addresses of foo?????.myorg.fr to a small
list of subnets, so I have written a small patch to do that:
My new ACL type works like url_regex, but it matches against the source FQDN.
acl foo srcfqdn_regex foo.{5}\.myorg\.fr
This patch is for squid 1.1.20, and i hope it can be useful to someone else.
I tested it only on Solaris (2.4 & 2.5.1) (sparc, gcc).
bruno pennec
*** squid-1.1.20/src/acl.c.orig Mon Nov 3 20:27:08 1997
--- squid-1.1.20/src/acl.c Wed Feb 25 09:49:18 1998
***************
*** 153,158 ****
--- 153,160 ----
return ACL_DST_DOMAIN;
if (!strcmp(s, "srcdomain"))
return ACL_SRC_DOMAIN;
+ if (!strcmp(s, "srcfqdn_regex"))
+ return ACL_SRC_FQDN_REGEX;
if (!strcmp(s, "time"))
return ACL_TIME;
if (!strcmp(s, "pattern"))
***************
*** 634,639 ****
--- 636,644 ----
case ACL_URLPATH_REGEX:
aclParseRegexList(&A->data, 0);
break;
+ case ACL_SRC_FQDN_REGEX:
+ aclParseRegexList(&A->data, 1);
+ break;
case ACL_URL_PORT:
aclParseIntlist(&A->data);
break;
***************
*** 1101,1106 ****
--- 1106,1124 ----
return aclMatchDomainList(&acl->data, "none");
}
/* NOTREACHED */
+ case ACL_SRC_FQDN_REGEX:
+ fqdn = fqdncache_gethostbyaddr(checklist->src_addr, FQDN_LOOKUP_IF_MISS);
+ if (fqdn) {
+ return aclMatchRegex(acl->data, fqdn);
+ } else if (checklist->state[ACL_SRC_FQDN_REGEX] == ACL_LOOKUP_NONE) {
+ debug(28, 3, "aclMatchAcl: Can't yet compare '%s' ACL for '%s'\n",
+ acl->name, inet_ntoa(checklist->src_addr));
+ checklist->state[ACL_SRC_FQDN_REGEX] = ACL_LOOKUP_NEED;
+ return 0;
+ } else {
+ return aclMatchRegex(acl->data, "none");
+ }
+ /* NOTREACHED */
case ACL_TIME:
return aclMatchTime(acl->data, squid_curtime);
/* NOTREACHED */
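Review bot: The new `ACL_SRC_FQDN_REGEX` case decides on the name returned by `fqdncache_gethostbyaddr()` for the client address, a reverse-DNS (PTR) answer that nothing in this hunk confirms with a forward lookup. Whoever controls the reverse zone for that address chooses the name, so a deny rule of this type does not apply to a client whose PTR is missing or different, and an allow rule built on it would trust an unverified name. When the lookup has failed, the final `else` matches the pattern against the literal `"none"`, which a broad pattern can match; `return 0;` there would make the failure outcome independent of the pattern. I would also add a comment above the case such as `/* matches the unverified PTR name of the client address */`. The enclosing switch and function start and end outside the hunk.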
***************
*** 1261,1266 ****
--- 1279,1285 ----
case ACL_URL_REGEX:
case ACL_URLPATH_REGEX:
case ACL_BROWSER:
+ case ACL_SRC_FQDN_REGEX:
aclDestroyRegexList(a->data);
break;
case ACL_URL_PORT:
*** squid-1.1.20/src/acl.h.orig Thu Feb 20 22:03:10 1997
--- squid-1.1.20/src/acl.h Wed Feb 25 09:37:05 1998
***************
*** 44,49 ****
--- 44,50 ----
ACL_PROTO,
ACL_METHOD,
ACL_BROWSER,
+ ACL_SRC_FQDN_REGEX,
ACL_ENUM_MAX
} squid_acl;
*** squid-1.1.20/src/client_side.c.orig Wed Nov 19 17:44:51 1997
--- squid-1.1.20/src/client_side.c Wed Feb 25 16:14:22 1998
***************
*** 71,76 ****
--- 71,88 ----
}
static void
+ clientLookupSrcFQDNRegexDone(int fd, const char *fqdn, void *data)
+ {
+ icpStateData *icpState = data;
+ debug(33, 5, "clientLookupSrcFQDNRegexDone: FD %d, '%s', FQDN %s\n",
+ fd,
+ icpState->url,
+ fqdn ? fqdn : "NULL");
+ icpState->aclChecklist->state[ACL_SRC_FQDN_REGEX] = ACL_LOOKUP_DONE;
+ clientAccessCheck(icpState, icpState->aclHandler);
+ }
+
+ static void
clientLookupDstFQDNDone(int fd, const char *fqdn, void *data)
{
icpStateData *icpState = data;
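Review bot: `clientLookupSrcFQDNRegexDone` has no comment saying that its `fqdn` argument is only logged. The name is presumably picked up again when `clientAccessCheck` re-runs and the `ACL_SRC_FQDN_REGEX` case in acl.c calls `fqdncache_gethostbyaddr()` a second time. A short header such as `/* fqdncache callback: marks the lookup done and re-runs the access check; the matcher re-reads the name from the cache */` would make that dependency visible. A failed lookup (`fqdn == NULL`) is handled the same way as a successful one here, so all failure handling is left to the matcher. The hunk ends inside `clientLookupDstFQDNDone`, whose body continues outside it.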
***************
*** 205,211 ****
clientLookupSrcFQDNDone,
icpState);
return;
! } else if (ch->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEED) {
ch->state[ACL_DST_DOMAIN] = ACL_LOOKUP_PENDING; /* first */
ia = ipcacheCheckNumeric(icpState->request->host);
if (ia != NULL)
--- 217,230 ----
clientLookupSrcFQDNDone,
icpState);
return;
! } else if (ch->state[ACL_SRC_FQDN_REGEX] == ACL_LOOKUP_NEED) {
! ch->state[ACL_SRC_FQDN_REGEX] = ACL_LOOKUP_PENDING; /* first */
! fqdncache_nbgethostbyaddr(icpState->peer.sin_addr,
! icpState->fd,
! clientLookupSrcFQDNRegexDone,
! icpState);
! return;
! }else if (ch->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEED) {
ch->state[ACL_DST_DOMAIN] = ACL_LOOKUP_PENDING; /* first */
ia = ipcacheCheckNumeric(icpState->request->host);
if (ia != NULL)
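Review bot: The inserted branch ends with `}else if (ch->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEED) {`, which drops the space used by the other branches visible in this chain; it should read `} else if (ch->state[ACL_DST_DOMAIN] == ACL_LOOKUP_NEED) {`. The lookup is started for `icpState->peer.sin_addr`, while the matcher in acl.c queries the cache with `checklist->src_addr`. These are presumably the same address, but if they can differ the matcher's cache query would miss, so a one-line comment stating that they are equal would help. The enclosing function starts and ends outside the hunk.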
Received on Tue Mar 03 1998 - 09:12:08 MST