Re: Peering with 1.2b20 (Cont.)

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Tue, 19 May 1998 23:58:18 +0200

Mario Sergio Fujikawa Ferreira wrote:

> acl peers srcdomain proxy4.pop-df.rnp.br cache.cr-df.rnp.br
> acl neighbors srcdomain proxy2-bsb.gns.com.br

These should use src ACL and not srcdomain. The src domain accepts FQDN
names as well as dotted IP even if squid.conf does not mention it.

srcdomain works in a slightly different way and the intended use is when
you want to give a whole domain certain rights/restrictions. Here squid
does a reverse lookup of the known IP and then matches the returned
domainname.

A warning on the srcdomain ACL: Squid does not try to validate the
returned domainname and can easily be fooled by anyone with control over
a DNS server. Don't use srcdomain ACL to protect your Squid; always use
the IP based src ACL for protection.

---
Henrik Nordström
Received on Tue May 19 1998 - 15:09:26 MDT
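
An added illustration of the warning in the message above, not part of the original post and not Squid's own code: a model of a reverse-lookup-only domain match beside a forward-confirmed check and an IP-based match. The DNS tables, addresses, domain names and function names are all constructed for this example.

```python
import ipaddress

# Constructed DNS data (documentation addresses, example domains).
# Whoever owns 203.0.113.0/24 controls its reverse zone and can publish any PTR.
PTR = {
    "192.0.2.10": "proxy.peer.example",    # genuine peer
    "203.0.113.66": "proxy.peer.example",  # PTR chosen by the address owner
}
# Forward zone, controlled by the real owner of peer.example.
A = {"proxy.peer.example": ["192.0.2.10"]}


def domain_matches(name, domain):
    """True if name equals domain or is a subdomain of it."""
    name, domain = name.rstrip(".").lower(), domain.lstrip(".").lower()
    return name == domain or name.endswith("." + domain)


def ptr_only_match(ip, domain, ptr=PTR):
    """Unvalidated reverse-lookup match: the returned name is trusted as-is."""
    name = ptr.get(ip)
    return name is not None and domain_matches(name, domain)


def forward_confirmed_match(ip, domain, ptr=PTR, fwd=A):
    """Accept the PTR name only if it also resolves forward to the same IP."""
    name = ptr.get(ip)
    if name is None or not domain_matches(name, domain):
        return False
    client = ipaddress.ip_address(ip)
    return any(ipaddress.ip_address(a) == client
               for a in fwd.get(name.lower(), []))


def src_match(ip, allowed_networks):
    """IP-based match, the kind of check the message recommends for protection."""
    client = ipaddress.ip_address(ip)
    return any(client in ipaddress.ip_network(n) for n in allowed_networks)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.66"):
        print(ip,
              "ptr-only:", ptr_only_match(ip, "peer.example"),
              "forward-confirmed:", forward_confirmed_match(ip, "peer.example"),
              "src:", src_match(ip, ["192.0.2.10/32"]))
```

Only the reverse-lookup-only check accepts the second address; the forward-confirmed and IP-based checks both reject it.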