-
Notifications
You must be signed in to change notification settings - Fork 228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACLs / filter features #11
Comments
Yep, it's possible. But first I think we want to focus on ensuring the implementation of what we've already got is correct. But I don't think @sergeyfrolov would be opposed to pull requests! |
With accordance to our policy of not overloading forwardproxy with features, I do not intend to implement access control list, that is half as powerful as squid. You can always use newly implemented upstream feature to upstream your requests to local squid. EDIT: Initial design replaced with #11 (comment) |
Just a nit, I'd prefer |
I think your approach is good, but it would also be reasonable to make this list be only hostnames, no ports. I don't think ports are necessary here, and the interaction with port whitelisting could get confusing. I also think we do need to allow the user to specify an IP address in this list. The only complexity I see there is that IPv6 addresses can be represented in multiple ways, so we can't just use string equality to check against the list. |
I think whitelist and blacklist is needed based in the default policy you try to set up. Port whitelist / restriction would be fine too. Die example to just allow default web ports (80,443,8080) and sind more custom ports? |
EDIT: redesign again!! 😬 |
Is ip and domain based whitelist possible? |
Some times I would whitelist / blacklist domain based because I don't know all the ip addresses Behinderung a domain :) |
Yes, IP-based whitelist and blacklist is going to be available. |
Implemented (see documentation in README). |
@mholt
Is it planned / possible to add acls / filters to restrict access to destinations by domain / path / ip? Or maybe blacklists / whitelists in files?
The text was updated successfully, but these errors were encountered: