Bugtraq mailing list archives
Re: Simple way to bypass squid ACLs
From: hno () HEM PASSAGEN SE (Henrik Nordstrom)
Date: Wed, 4 Mar 1998 00:21:05 +0100
Mauro Lacy wrote:
You can also replace the URL by its numerical IP address(at least this works for the proxy of my company) eg.:
This is a well known problem with access control in proxies.
I suppose that in this case you have to add the numerical IP of the URL in the ACL.
Squid has a special-case for matching IP addresses. If a valid reverse lookup is registered then this name is used, else the psuedo-domain "none". # Deny IP based requests where no reverse lookup is available acl unknown_ip dstdomain none http_access deny unknown_ip # Deny forbidden sites acl badsites dstdomain playboy.com .... http_access deny badsites --- Henrik Nordström Sparetime Squid Source Hacker
Current thread:
- Re: Simple way to bypass squid ACLs Henrik Nordstrom (Mar 03)