LinuxSolved.com Linux Help Community Forum


Topic: ACL for ip against domain name.

ramchauhan
ACL for ip against domain name.
« on: December 12, 2008, 10:37:15 AM »
Scenario:
I wrote an ACL to restrict a site, say xxx.com, and this works perfectly. But I can bypass this ACL simply by typing the IP address of xxx.com.
How do I handle such a situation?

Regards
Ram.

Ricky
Re: ACL for ip against domain name.
« Reply #1 on: December 12, 2008, 07:52:25 PM »
I guess Squid can block remote domains only; IP-based blocking of websites is not there. Anyway, you can still use iptables to block the IP of the website.

Use the following:

# OUTPUT chain with -d: drop the proxy's own connections to the site's address
iptables -I OUTPUT -d XXX.XXX.XXX.XXX -j DROP

where XXX.XXX.XXX.XXX stands for the IP of the website.

ramchauhan
Re: ACL for ip against domain name.
« Reply #2 on: December 13, 2008, 04:03:49 AM »
Thanks Ricky for your prompt reply.
But the scenario was only an example. What if I want to block an entire category of porn sites?
The blacklist which I have contains around lakhs of entries, and all are blocked when one tries to access them. Keying in the IP of any restricted domain will allow it.

Regards
Ram.

Ricky
Re: ACL for ip against domain name.
« Reply #3 on: December 13, 2008, 11:01:07 PM »
Well, yes, it will allow it if directly accessed via IP.

I guess you can only block the frequently accessed ones via IP; blocking the rest should be done via Squid "word" filtering.

ramchauhan
Re: ACL for ip against domain name.
« Reply #4 on: December 14, 2008, 06:23:45 AM »
Thanks Ricky.

What I was thinking is that there has to be a way wherein, if an IP is keyed in to access a web site, it should first be resolved to its domain name, and if this is achieved the site will be blocked as it is in the ACL. UTMs like Cyberoam, SonicWall and Fortigate are easily doing this.
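The logic the last two posts are circling (Reply #3: block the frequently used addresses directly; Reply #4: resolve an IP-literal request back to a name before checking the ACL), as an added example that is not part of the original thread and not Squid's own code: a small Python model of the proxy's decision. The blocklist, the A records and the PTR records are constructed stand-ins; in a real deployment they come from the blacklist file and from DNS. The `.xxx.com` entries follow Squid's dstdomain convention (a leading dot matches the domain and all of its subdomains), and the set of forward-resolved addresses is what a Squid `dst` ACL, or iptables rules like the one above, would be loaded with.

```python
"""Model of the IP-literal bypass from this thread: a request for
http://203.0.113.10/ slips past a domain blocklist unless the proxy also
checks the destination address. All data below is constructed; DNS is a
dict here, not a live lookup."""
import ipaddress
from urllib.parse import urlsplit

# Constructed blocklist in Squid dstdomain style: a leading dot matches the
# domain itself and every subdomain; a bare name matches exactly.
BLOCKLIST = {".xxx.com", "bad.example"}

# Constructed stand-ins for DNS. FORWARD: name -> A records. REVERSE: IP -> PTR.
FORWARD = {
    "xxx.com": {"203.0.113.10"},
    "www.xxx.com": {"203.0.113.10", "203.0.113.11"},
    "bad.example": {"198.51.100.5"},
}
REVERSE = {
    "203.0.113.10": "www.xxx.com",
    "203.0.113.12": "cdn.xxx.com",                  # not in FORWARD, PTR names xxx.com
    "198.51.100.7": "shared-host.hosting.example",  # shared hosting: PTR says nothing useful
}


def dstdomain_match(host, blocklist=BLOCKLIST):
    """Squid-style dstdomain match on a label boundary: 'notxxx.com' and
    'xxx.com.evil' must not match '.xxx.com'."""
    host = host.lower().rstrip(".")
    for entry in blocklist:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def url_host(url):
    """Host part of a URL; urlsplit lowercases it and strips IPv6 brackets."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("URL has no host: %r" % url)
    return host


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def build_dst_set(blocklist=BLOCKLIST, forward=FORWARD):
    """Forward-resolve every known name under the blocklist. This is the
    address set a Squid 'dst' ACL or an iptables rule set would carry."""
    ips = set()
    for name, addrs in forward.items():
        if dstdomain_match(name, blocklist):
            ips.update(addrs)
    return ips


def decide(url, blocklist=BLOCKLIST, forward=FORWARD, reverse=REVERSE,
           deny_unknown_ip_literals=False):
    """Return (verdict, reason). A request by name uses dstdomain only; a
    request by IP literal falls through: dst set, then PTR, then policy."""
    host = url_host(url)
    if not is_ip_literal(host):
        if dstdomain_match(host, blocklist):
            return ("deny", "dstdomain")
        return ("allow", "name not listed")
    ip = str(ipaddress.ip_address(host))  # canonical text form (e.g. 2001:0db8::1 -> 2001:db8::1)
    if ip in build_dst_set(blocklist, forward):
        return ("deny", "dst")
    ptr = reverse.get(ip)
    if ptr and dstdomain_match(ptr, blocklist):
        return ("deny", "ptr")
    if deny_unknown_ip_literals:
        return ("deny", "ip-literal")
    return ("allow", "ip not listed")


if __name__ == "__main__":
    for u in ("http://www.xxx.com/", "http://notxxx.com/", "http://203.0.113.10/",
              "http://203.0.113.12/", "http://198.51.100.7/", "http://[2001:db8::1]/"):
        print(u, decide(u), decide(u, deny_unknown_ip_literals=True))
```

Two caveats the model makes visible. The PTR record belongs to whoever owns the address block, so a site on shared hosting (198.51.100.7 here) answers with the hoster's name and never matches the blacklist; the reverse lookup is therefore a supplement to the forward-resolved `dst` set, not a replacement for it. And forward-resolving lakhs of names is a batch job whose output ages as sites move, so the address set has to be regenerated on a schedule. Whether to deny every remaining bare-IP URL (`deny_unknown_ip_literals`, a name assumed here) is a policy choice; on a network where users have no business typing addresses, it closes the bypass outright.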