Re: [squid-users] How to create an ACL matching patterns from an URL

From: Supratik Goswami <supratik.goswami_at_webyog.com>
Date: Thu, 14 Jul 2011 20:19:50 +0530

Hello Amos,

Thanks for the information.

Regards

Supratik

On Thu, Jul 14, 2011 at 7:11 PM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
>
> On 15/07/11 01:26, Supratik Goswami wrote:
>>
>> Hello Amos,
>>
>> I checked the documentation, it is working fine when I match only the domain.
>>
>> acl forbiddenURLs url_regex -i "/etc/squid/forbiddenURL.txt"
>> http_access deny forbiddenURLs
>>
>> Any domain name I put in the forbiddenURL.txt is working fine.
>>
>> for example: .example.com can block everything for that domain.
>>
>> It is not working when the request is redirected to the HTTPS page
>> (home.php) after the login
>> page of that domain when I modify the expression to include
>> ".example.com/home.php".
>>
>> Is there any way I can validate my acl statements against the URL ?
>> (I want to know if I am doing it correctly).
>
> HTTP_S_ is a different problem entirely. Squid never sees the /path piece of the URL their. That is buried in the encrypted area. All Squid sees for https:// is the host and port which the encrypted data is to be sent.
>
> Example:
>  CONNECT domain:port HTTP/1.1
>  Host: domain
>
>  ... binary encrypted data...
>
> Amos
> --
> Please be using
>  Current Stable Squid 2.7.STABLE9 or 3.1.14
>  Beta testers wanted for 3.2.0.9
Received on Thu Jul 14 2011 - 14:50:17 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 14 2011 - 12:00:02 MDT