On Tue, 10 Aug 2010 16:26:07 +0200, Barry Irwin <bvi_at_lair.moria.org>
wrote:
> On 10/08/2010 11:34, John Doe wrote:
>> From: Scott Keith (NHS National Services Scotland) <keith_at_nhs.net>
>>
>>
>>> Hi, I've been trying to find out if it's possible to get squid to deny
>>> access
>>> to websites via an IP in the URL. I've had a fairly good Google
around
>>> o= n how
>>> to do this but I just keep finding out about blocking access to a
sin=
>>> gle IP
>>> whereas I just want to block access all websites via IP addresses.
>>> I know a solution to this can be implemented via ufbdguard and
>>> probably
>>> squidguard but I am only looking for a squid only solution just now.
>>>
>> You could do it with an external acl.
>> But I am wondering if you could also use something like:
>> acl notanip dstdom_regex [^0-9\.]
>> Not sure if dstdom works on IPs...
>>
>
> The following should work
>
>
> #stuff we need for trapping Skype connects
> acl numericIp urlpath_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
Matches an IP anywhere in the *path* portion.
ie http://example.com/192.168.255.255
NP: there is no path portion for CONNECT requests only a destination
domain and port. I'm very surprised this works for you. Perhapse you
actually have the dstdom_regex or the url_regex.
Amos
Received on Wed Aug 11 2010 - 00:05:30 MDT
This archive was generated by hypermail 2.2.0 : Wed Aug 11 2010 - 12:00:02 MDT