>From: Henrik Nordstrom <henrik@henriknordstrom.net>
> > 1. I would like to create a list of either domains, sites and/or IP
> > addresses that would be used to restrict the use of CONNECT to just
> > sites/URL's contained in this list.
>
>Perfect fit for a dstdomain acl, maybe combined with a dst acl if by IP
>you mean actual IPs, not just IPs entered as part of the URL.
So, add this?
cat /home/squid/etc/allowed-connect-SITES
10.122.12.212
www.allowed-to-here.com
192.168.111.12
acl allowed-CONNECT dstdomain -i "/home/squid/etc/allowed-connect-SITES"
method CONNECT
# or
# acl allowed-CONNECT dstdomain -i "/home/squid/etc/allowed-connect-SITES"
http_access deny CONNECT !allowed-CONNECT
I've made the acl above with a "-i" because the URL, which would contain
either an IP address or domain, *may* only be a prt of the entire URL as the
user gets deeper into the website.
Finally, I am only guessing that -i works with dstdomain :-)
.vp
Received on Mon Apr 02 2007 - 12:43:47 MDT
This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT