single acl analysis

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

single acl analysis

Matus UHLAR - fantomas
Hello,

I'm going to migrate squid server to new machine and found this ACL:

acl freedst1 dstdom_regex -i www\.___\.sk none

http_access allow freedst1

I believe it could be replaces by:

acl freedst1 dstdomain -i www.___.sk

which would allow connection to said website.  However the "none" part
confuses me. According to the docs:

The name "none" is used if the reverse lookup fails.

does that mean the directives above allow access to any site without rDNS?

--
Matus UHLAR - fantomas, [hidden email] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Silvester Stallone: Father of the RISC concept.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: single acl analysis

Amos Jeffries
Administrator
On 19/11/19 3:42 am, Matus UHLAR - fantomas wrote:

> Hello,
>
> I'm going to migrate squid server to new machine and found this ACL:
>
> acl freedst1 dstdom_regex -i www\.___\.sk none
>
> http_access allow freedst1
>
> I believe it could be replaces by:
>
> acl freedst1 dstdomain -i www.___.sk
>
> which would allow connection to said website.  However the "none" part
> confuses me. According to the docs:
>
> The name "none" is used if the reverse lookup fails.
>
> does that mean the directives above allow access to any site without rDNS?
>

Yes, exactly so.

Amos
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users