On 07.12.2015 08:49, Amos Jeffries wrote:
On 7/12/2015 5:41 p.m., Walter H. wrote:
On 07.12.2015 00:21, Amos Jeffries wrote:
Getting complicated...
So xxiao8, why does one want to censor these requests anyway?
Amos
try to connect natively with the IP-Address instead of the hostname ...
the S
On 7/12/2015 5:41 p.m., Walter H. wrote:
> On 07.12.2015 00:21, Amos Jeffries wrote:
>> Getting complicated...
>>
>> So xxiao8, why does one want to censor these requests anyway?
>>
>> Amos
> try to connect natively with the IP-Address instead of the hostname ...
> the SSL certificate of the host i
On 07.12.2015 00:21, Amos Jeffries wrote:
Getting complicated...
So xxiao8, why does one want to censor these requests anyway?
Amos
try to connect natively with the IP-Address instead of the hostname ...
the SSL certificate of the host itself prevents the connection without
message in the use
On 7/12/2015 7:38 a.m., Walter H. wrote:
> On 06.12.2015 11:07, Yuri Voinov wrote:
>> # Numeric IP's acl
>> acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>>
>> # Deny access to numeric IP's
>> http_access deny CONNECT numeric_IPs
>> deny_info TCP_RESET numeric_IPs
>>
> and not to fo
On 7/12/2015 7:38 a.m., Walter H. wrote:
> On 06.12.2015 11:07, Yuri Voinov wrote:
>> # Numeric IP's acl
>> acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>>
>> # Deny access to numeric IP's
>> http_access deny CONNECT numeric_IPs
>> deny_info TCP_RESET numeric_IPs
>>
> and not to forg
On 06.12.2015 11:07, Yuri Voinov wrote:
# Numeric IP's acl
acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
# Deny access to numeric IP's
http_access deny CONNECT numeric_IPs
deny_info TCP_RESET numeric_IPs
and not to forget IPv6 ...
acl numeric_IPs_ipv4 dstdom_regex [0-9]+\.[0-9]+
I would make it a more accurate regex which requires start and end line
matching and max size of the number like:
acl numeric_IPs dstdom_regex
^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$
It will match more the exact real IP addresses but it will work.
Eliezer
On 06/12/2015 12:07, Yuri Vo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
# Numeric IP's acl
acl numeric_IPs dstdom_regex [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
# Deny access to numeric IP's
http_access deny CONNECT numeric_IPs
deny_info TCP_RESET numeric_IPs
06.12.15 8:45, xxiao8 пишет:
> is it possible to enforce all http r
is it possible to enforce all http requests must use non-IP for the
destination, i.e. dns/hostname.
for example: http://www.google.com will be fine, but http://some-IP will
not.
Thanks,
xxiao
___
squid-users mailing list
squid-users@lists.squid-cac
