[6217] in bugtraq
Re: Simple way to bypass squid ACLs
daemon@ATHENA.MIT.EDU (Henrik Nordstrom)
Tue Mar 3 21:47:27 1998
Date: Wed, 4 Mar 1998 00:21:05 +0100
Reply-To: hno@HEM.PASSAGEN.SE
From: Henrik Nordstrom <hno@HEM.PASSAGEN.SE>
X-To: mauro@INTER-SOFT.COM
To: BUGTRAQ@NETSPACE.ORG
Mauro Lacy wrote:
> You can also replace the URL by its numerical IP address (at least this
> works for the proxy of my company) eg.:
This is a well known problem with access control in proxies.
> I suppose that in this case you have to add the numerical IP
> of the URL in the ACL.
Squid has a special-case for matching IP addresses. If a valid reverse
lookup is registered then this name is used, else the pseudo-domain
"none".
# Deny IP based requests where no reverse lookup is available
acl unknown_ip dstdomain none
http_access deny unknown_ip
# Deny forbidden sites
acl badsites dstdomain playboy.com ....
http_access deny badsites
---
Henrik Nordström
Sparetime Squid Source Hacker
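
Added example (not part of the message above and not Squid's own code): a simplified Python model of the dstdomain matching the message describes, showing which name an IP-based request is compared against and why the "none" rule is needed. The reverse-lookup table, the documentation-range addresses, the suffix-match rule and the default-allow fallthrough are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed reverse-DNS table (documentation addresses, not real records).
PTR = {"192.0.2.10": "www.playboy.com"}

# The two http_access rules from the message, in order: (action, dstdomain values).
RULES = [
    ("deny", ["none"]),         # acl unknown_ip dstdomain none
    ("deny", ["playboy.com"]),  # acl badsites dstdomain playboy.com
]


def acl_name(host, ptr=PTR):
    """Return the name dstdomain is compared against, as the message describes."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower().rstrip(".")  # ordinary host name, used as-is
    # IP literal: use the reverse-lookup name if one exists, else "none".
    return ptr.get(str(ip), "none")


def domain_match(name, pattern):
    """Simplified match on label boundaries (assumption, not Squid's exact rule)."""
    return name == pattern or name.endswith("." + pattern)


def decide(url, rules=RULES, ptr=PTR, default="allow"):
    """Walk the rules in order; the first matching rule decides the request."""
    name = acl_name(urlsplit(url).hostname or "", ptr)
    for action, patterns in rules:
        if any(domain_match(name, p) for p in patterns):
            return action, name
    return default, name


if __name__ == "__main__":
    for url in ("http://www.playboy.com/", "http://192.0.2.10/",
                "http://198.51.100.7/", "http://example.org/"):
        print(url, decide(url))
    # Without the unknown_ip rule, an IP with no reverse record falls through.
    print("badsites only:", decide("http://198.51.100.7/", rules=RULES[1:]))
```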