Hi all,

I'm trying to setup deny_info for denied sites using CONNECT method.
This is something that doesn't work 100% depending on browser, etc.

Could be possible to change the 30X:http://x.x.x.x/deny.html to something
based in DNS replies ?

Squid uses its own directive "dns_nameserver" to configure which name
server is going to use.

I was thinking on something like this

dns_nameserver_deny 172.16.1.1  <- IP of dnsmasq server
acl deniedsites dstdomain "/list/of/denied/domains" (.youtube.com , .
facebook.com
)
http_access deny deniedsites

but instead of

deny_info deniedsites 307:http://172.16.1.1/deny.html

something like this

deny_dns_info deniedsites 172.16.1.1

and 172.16.1.1 is going to resolv:

172.16.1.1 youtube.com facebook.com, etc

It is possible ?

based on destination domain, the IP to return, so if I ask for facebook.com
I'll get 172.16.1.1 and the certificate warning appears, but the error
(Denied Site) too.

Thanks
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users

Reply via email to