Are you sure the "bad" address is using the Squid server to connect to
Secure Sites? In any case, change the acl "badurl" to:
acl badurl dstdomain .bad.site
(note the leading period. Leave it off if you don't want to block
subdomains.) url_regex is CPU intensive.
Chris
-----Original Message-----
From: Steve Brown [mailto:sbrown@taz.qinetiq.com]
Sent: Friday, November 26, 2004 3:15 AM
To: squid-users@squid-cache.org
Subject: [squid-users] acl to deny https url from one src addy
Hi list,
What's the best way to stop a particular IP address from getting access
to a https url?
I've tried:
acl badurl url_regex ^https://bad.site/*
acl badaddy src 1.2.3.4/32
http_access deny badurl badaddy
and that works for plain http urls, but doesn't for httpS, presumably
because of the connect method bypassing the acl?
and adding
http_access deny CONNECT badurl badaddy
didn't fix it. Naturally I'm overlooking something?
Steve
Received on Mon Nov 29 2004 - 11:47:16 MST
This archive was generated by hypermail pre-2.1.9 : Wed Dec 01 2004 - 12:00:02 MST