On 29.07.2018 06:11, Gordon Hsiao wrote:
is there a way to block any attempt to visit http/https by _any_ IP directly, i.e.http://my-IP or https://my-IP (yes this will give a warning for SSL most likely). here my-IP could be any IPv4 address, for example.Basically I want to have Squid to enforce all 80/443 access should be done via a FQDN instead of an IP, is this possible? or should this be handled in a redirector instead?
Hi,
I use this
/etc/squid/blockdomains-iphost-acl.squid contains this
^[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}\.[12]?[0-9]{1,2}$
^\[([0-9a-f]{0,4})(:|:[0-9a-f]{0,4}){1,7}\]$
/etc/squid/squid.conf contains this
acl allow_domains_iphost dstdom_regex
"/etc/squid/allowdomains-iphost-acl.squid"
acl block_domains_iphost dstdom_regex
"/etc/squid/blockdomains-iphost-acl.squid"
... deny_info ERR_DOMAIN_IPHOST_BLOCKED block_domains_iphost ... http_access allow allow_domains_iphost http_access deny block_domains_iphost
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
