On 24/03/2012 2:22 a.m., Michał Wiącek wrote:
>
>> If I am understanding you right, what you actually want is a whitelist
>> or blacklist of destinations in the firewall. This would work better
>> than what Squid can offer with HTTPS.
> Yes , whitelist would be best for me
>
>> In both cases you have the same problems of figuring out and listing
>> what destination IP/host are to be blocked or allowed. The firewall can
>> do it far faster and simpler though.
> I know that firewall can do it - but have hundreds of domains name which
> need to be resove by dns it overkill my Cisco firewall, for now i have rules
> by ipv4 and it is higly loaded, but ip for domains changes sometimes and
> giving many troubles ... I want move that to squid proxy (it would be for me
> easiest and costless change cause have a lot not used servers)
> I could try do it with iptables scripts , but want do it by squid
>
Squid has the same problem. When comparing IP to domain, the domain must
be resolved during the testing. Every time.
Amos
Received on Fri Mar 23 2012 - 22:52:36 MDT
This archive was generated by hypermail 2.2.0 : Sat Mar 24 2012 - 12:00:04 MDT