trafficserver-users mailing list archives

From Leif Hedstrom <zw...@apache.org>
Subject Re: forward proxy - Restricting domains.
Date Fri, 09 Jan 2015 02:56:27 GMT

> On Jan 8, 2015, at 10:53 AM, Paul Tader <ptader@collectivei.com> wrote:
> 
> We have a forward only proxy server configured. How can I restrict an internal IP address
> or IP address range to only be able to proxy certain top level domains (i.e. google.com,
> yahoo.com, etc)? I’ve read a lot on remapping, but I don’t think that is the correct approach.


DNS blackholing as suggested seems like a reasonable solution. If your list of domains is
smallish, then something in remap.config might work as well. I’ve done this in the past,
blocking all but a few HTTPS sites (via setting remap.required to 1 in records.config). The
other option is to allow all sites, but list the ones that you intend to block (map them to
some nonexistent domain or IP, e.g. 10.0.0.0).

Fwiw, remap rules like this with CONNECT methods only work in 5.0.0 and later.

— Leif
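
The two remap.config approaches from the reply above, written out as configuration. This is an added example, not part of the original message: the hostnames are placeholders, `proxy.config.url_remap.remap_required` is the full records.config name of the setting the reply calls remap.required, and only plain HTTP rules are shown.

```text
# ---- Option 1: allow only listed sites ----

# records.config
# Refuse any request that matches no rule in remap.config.
CONFIG proxy.config.url_remap.remap_required INT 1

# remap.config
# Identity maps: a listed host is proxied to itself, anything unlisted is refused.
# "map" matches the hostname exactly, so each subdomain needs its own rule.
map http://google.com/      http://google.com/
map http://www.google.com/  http://www.google.com/
map http://yahoo.com/       http://yahoo.com/

# ---- Option 2: allow everything except listed sites ----

# records.config
# Requests that match no rule are still proxied.
CONFIG proxy.config.url_remap.remap_required INT 0

# remap.config
# Point each blocked host (placeholder name) at an address that does not answer.
map http://blocked.example/  http://10.0.0.0/
```

Option 1 fails closed, so a host that was forgotten in the list is refused rather than proxied; with Option 2 any host missing from the list stays reachable.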
