RE: [squid-users] Domain & URL blacklists

From: Thomas Raef <traef06@dont-contact.us>
Date: Fri, 2 Nov 2007 05:41:27 -0500

> Squid can handle these by itself. With a regular "squid -k reconfigure"
> after updating the files.
>
> For the list of pure hostnames a "dstdomain" acl is the best.
> For the list of URI snippets a "urlpath_regex" acl probably with "-i" is
> needed.
>
> If the domain/ip file is a pruned version of the domains with URI
> entries, then the URI may not be useful as it's all caught by the domain.
> If they are different then yes both have a use.
>
> Amos
>
[Tom replied with:]

Amos, would you then recommend that the domain acl be listed before the
url acl?

That would block by domain if a url included an entry in the domain list
- if that's the desired result, thus avoiding the expensive
(resource-wise) urlpath_regex lookup.

I guess it would all depend on the desired results but something that
should be considered when implementing acls.

Thomas J. Raef
e-Based Security, LLC
www.ebasedsecurity.com
1-866-838-6108
"You're either hardened, or you're hacked!"
Received on Fri Nov 02 2007 - 04:41:32 MDT
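
The following is an added example, not part of the original thread or of Squid itself: it checks which URL-list entries are already caught by a dstdomain list (the "pruned version" case discussed above) and shows the acl ordering Tom asks about. The list contents, the assumed `host/path` entry form, the acl names and the file paths are all constructed for illustration.

```python
# Added example: constructed lists; file paths and acl names are hypothetical.

def dstdomain_matches(host, entry):
    """Squid dstdomain semantics: '.example.com' matches the domain and all
    subdomains; 'example.com' matches that exact host only."""
    host, entry = host.lower().rstrip("."), entry.lower()
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def prune_urls(domains, urls):
    """Split URL entries (assumed 'host/path' form) into those that still
    need a regex acl and those already caught by a dstdomain entry."""
    kept, covered = [], []
    for url in urls:
        host = url.split("/", 1)[0].split(":", 1)[0]
        if any(dstdomain_matches(host, d) for d in domains):
            covered.append(url)
        else:
            kept.append(url)
    return kept, covered

# Constructed sample data, not taken from any real blacklist.
DOMAINS = [".badsite.example", "ads.tracker.example"]
URLS = [
    "www.badsite.example/malware/drop.exe",  # covered by .badsite.example
    "ads.tracker.example/banner.js",         # covered by the exact host entry
    "cdn.tracker.example/popup.js",          # sibling host, not covered
    "shared-host.example/~user/phish/",      # host not in the domain list
]

# http_access lines are checked in order and the first match decides, so the
# regex acl is only evaluated for requests the dstdomain line did not deny.
SQUID_CONF = """\
acl bl_domains dstdomain "/etc/squid/bl/domains"
acl bl_urls urlpath_regex -i "/etc/squid/bl/urls"
http_access deny bl_domains
http_access deny bl_urls
"""

if __name__ == "__main__":
    kept, covered = prune_urls(DOMAINS, URLS)
    print("already caught by dstdomain:", covered)
    print("still need a regex acl:", kept)
    print(SQUID_CONF)
```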