Re: [squid-users] How to create an ACL matching patterns from an URL

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Fri, 15 Jul 2011 01:41:20 +1200

On 15/07/11 01:26, Supratik Goswami wrote:
> Hello Amos,
>
> I checked the documentation, it is working fine when I match only the domain.
>
> acl forbiddenURLs url_regex -i "/etc/squid/forbiddenURL.txt"
> http_access deny forbiddenURLs
>
> Any domain name I put in the forbiddenURL.txt is working fine.
>
> for example: .example.com can block everything for that domain.
>
> It is not working when the request is redirected to the HTTPS page
> (home.php) after the login
> page of that domain when I modify the expression to include
> ".example.com/home.php".
>
> Is there any way I can validate my acl statements against the URL ?
> (I want to know if I am doing it correctly).

HTTP_S_ is a different problem entirely. Squid never sees the /path
piece of the URL their. That is buried in the encrypted area. All Squid
sees for https:// is the host and port which the encrypted data is to be
sent.

Example:
  CONNECT domain:port HTTP/1.1
  Host: domain

  ... binary encrypted data...

Amos

-- 
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.14
   Beta testers wanted for 3.2.0.9
Received on Thu Jul 14 2011 - 13:41:33 MDT

This archive was generated by hypermail 2.2.0 : Thu Jul 14 2011 - 12:00:02 MDT