Bugtraq mailing list archives

Re: Simple way to bypass squid ACLs


From: hno () HEM PASSAGEN SE (Henrik Nordstrom)
Date: Wed, 4 Mar 1998 00:21:05 +0100


Mauro Lacy wrote:

> You can also replace the URL by its numerical IP address (at least this
> works for the proxy of my company) e.g.:

This is a well known problem with access control in proxies.

> I suppose that in this case you have to add the numerical IP
> of the URL in the ACL.

Squid has a special case for matching IP addresses. If a valid reverse
lookup is registered, then this name is used, else the pseudo-domain
"none".

# Deny IP based requests where no reverse lookup is available
acl unknown_ip dstdomain none
http_access deny unknown_ip
# Deny forbidden sites
acl badsites dstdomain playboy.com ....
http_access deny badsites

---
Henrik Nordström
Sparetime Squid Source Hacker
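
The following Python model of the rule evaluation described in the reply above is an added example, not part of the original post and not Squid's own code. The reverse-lookup table, the domain `blocked.example`, the 192.0.2.x addresses, the subdomain matching rule and the final "allow" default are all constructed assumptions for illustration.

```python
import ipaddress

# Constructed stand-in for real PTR lookups (assumption, not live DNS).
PTR = {"192.0.2.10": "www.blocked.example"}

def acl_name(host, ptr=PTR):
    """Name that a dstdomain ACL is compared against, as the post describes:
    a hostname is used as-is; an IP literal is replaced by its reverse-lookup
    name if one is registered, otherwise by the pseudo-domain 'none'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower().rstrip(".")
    return ptr.get(str(ip), "none")

def dstdomain_match(name, domains):
    # Simplifying assumption: an entry matches itself and its subdomains.
    return any(name == d or name.endswith("." + d) for d in domains)

def http_access(host, rules, ptr=PTR):
    """Evaluate ordered (action, domains) rules; the first match wins."""
    name = acl_name(host, ptr)
    for action, domains in rules:
        if dstdomain_match(name, domains):
            return action
    return "allow"  # the model assumes a trailing 'http_access allow all'

# Blocklist alone: an IP with no reverse lookup never matches a domain entry.
BLOCKLIST_ONLY = [("deny", ["blocked.example"])]
# Blocklist preceded by the 'unknown_ip' rule from the post.
WITH_UNKNOWN_IP = [("deny", ["none"]), ("deny", ["blocked.example"])]

if __name__ == "__main__":
    hosts = ["www.blocked.example", "192.0.2.10", "192.0.2.20", "www.example.org"]
    for h in hosts:
        print(f"{h:22} name={acl_name(h):22} "
              f"blocklist_only={http_access(h, BLOCKLIST_ONLY):6} "
              f"with_unknown_ip={http_access(h, WITH_UNKNOWN_IP)}")
```
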


