ACLs / filter features #11
Comments
|
Yep, it's possible. But first I think we want to focus on ensuring the implementation of what we've already got is correct. But I don't think @sergeyfrolov would be opposed to pull requests! |
|
With accordance to our policy of not overloading forwardproxy with features, I do not intend to implement access control list, that is half as powerful as squid. You can always use newly implemented upstream feature to upstream your requests to local squid. EDIT: Initial design replaced with #11 (comment) |
|
Just a nit, I'd prefer |
I think your approach is good, but it would also be reasonable to make this list be only hostnames, no ports. I don't think ports are necessary here, and the interaction with port whitelisting could get confusing. I also think we do need to allow the user to specify an IP address in this list. The only complexity I see there is that IPv6 addresses can be represented in multiple ways, so we can't just use string equality to check against the list. |
|
I think whitelist and blacklist is needed based in the default policy you try to set up. Port whitelist / restriction would be fine too. Die example to just allow default web ports (80,443,8080) and sind more custom ports? |
|
EDIT: redesign again!! 😬 |
|
Is ip and domain based whitelist possible? |
|
Some times I would whitelist / blacklist domain based because I don't know all the ip addresses Behinderung a domain :) |
|
Yes, IP-based whitelist and blacklist is going to be available. |
|
Implemented (see documentation in README). |
@mholt
Is it planned / possible to add acls / filters to restrict access to destinations by domain / path / ip? Or maybe blacklists / whitelists in files?
The text was updated successfully, but these errors were encountered: