On 24/03/2012 2:22 a.m., Michał Wiącek wrote:
If I am understanding you right, what you actually want is a whitelist
or blacklist of destinations in the firewall. This would work better
than what Squid can offer with HTTPS.
Yes , whitelist would be best for me
In both cases you have the same problems of figuring out and listing
what destination IP/host are to be blocked or allowed. The firewall can
do it far faster and simpler though.
I know that firewall can do it - but have hundreds of domains name which
need to be resove by dns it overkill my Cisco firewall, for now i have rules
by ipv4 and it is higly loaded, but ip for domains changes sometimes and
giving many troubles ... I want move that to squid proxy (it would be for me
easiest and costless change cause have a lot not used servers)
I could try do it with iptables scripts , but want do it by squid
Squid has the same problem. When comparing IP to domain, the domain must
be resolved during the testing. Every time.
Amos
