Can squid block an access to the specific IP-address which is resolved with a domain name

pacPROXYsquid

I have a .pac file like below.

if (dnsDomainIs(host, ".example.com")) {
    hostip = dnsResolve(host);
    if (isInNet(hostip, "202.0.0.0", "255.255.255.0")) {
        return "DIRECT";
    }
}

Now I'd like to convert this into squid.conf.

A client wants to access to example.com whose IP address would be changed everyday. If the destination IP is in the range 202.0.0.0/24, I need to change the proxy routing(Direct, proxy-A, proxy-B and so on).

I know how to change the proxies with squid.conf but I don't know how to define the access which would access into the IP range from just a domain name. I think squid knows only the destination domain name.

If the client accesses with IP, I can distinguish it. Though if the client accesses with a domain name, I can't.

Does anybody know a squid option for this?

Best Answer

You can achieve this by setting up combined ACLs that only trigger on a match on dstdomain and dst.

acl addom dstdomain example.com
acl addst dst 202.0.0.0/24
always_direct allow addst addom
Related Topic