RE: [squid-users] dstdomain acl is not working for IP addresses- squid-STABLE10

From: Chris Robertson <crobertson@dont-contact.us>
Date: Tue, 31 May 2005 11:18:20 -0800

> -----Original Message-----
> From: cgfreita@unipam.edu.br [mailto:cgfreita@unipam.edu.br]
> Sent: Tuesday, May 31, 2005 9:41 AM
> To: squid-users@squid-cache.org
> Subject: [squid-users] dstdomain acl is not working for IP addresses-
> squid-STABLE10
>
>
> Hello,
>
> squid-STABLE10 ( compiled from the official source )
> Linux - Slackware
>
> I am having troubles with dstdomain acl.
> I have already looked at my confs and they seen to be correct.
> Could someone, please, help me to find what is the problem?
>
> My conf, and some example of files used there, are at the bottom.
>
> Lets use, arbitrary, for example, the domain: miniclip.com
>
> As could be seen in confs, I have this domain in dst_a(acl), but if I
> try to acess www.miniclip.com using 66.165.172.181 ip address it
> loads with no problem.
>

You might have picked a bad example... 66.165.172.181 does not have any
in-addr.arpa information associated with it. In other words, a reverse
lookup for 66.165.172.181 does not return a hostname. No way for squid to
know that they are one and the same.

> I have tried some regex to get ip addresses in url_regex acl, but I
> got some problems, as, for example, hotmail. When trying to download
> files there, the URL is generated using ip addresses and gets
> blocked. So, I have to get dstdomain working.
>

Perhaps you should white list a few IP addresses (or ranges) as IP
addresses, and deny the rest by default.

> I have a lot of more lines in dst_a.txt and porn_a.txt.
>
> Please, what did I miss?
> Thank you for your attention.
>
> Freitas

---SNIP---

Chris
Received on Tue May 31 2005 - 13:19:38 MDT

This archive was generated by hypermail pre-2.1.9 : Wed Jun 01 2005 - 12:00:04 MDT