I want to block a domain but except a specific subdomain.
For example, I use test.domain.com as my production environment and deny all access from squid.
But I want allow squid user to access test.demo.domain.com which is a testing environment.
my squid.conf:
acl denylist dstdom_regex ^(?!.*(demo)).*domain\.com$
http_access deny denylist
http_access allow all
I know what's wrong with my regex. Squid regex use GNU regex (see serverfault question) and GNU regex can not understand (?!.*(demo)).
So how to exclude a specific subdomain in GNU regex?
First, you should use negative lookbehind (?<!) instead of negative lookahead (?!). Second, I don't think it can work with ^ as it matches from the beginning of the domain. Third, with .*domain.com it will match
the whole domain anyway, so you should use \.domain.com instead.
The correct regex that doesn't match demo anywhere before .domain.com would be
(?<!(.*demo.*))\.domain\.com
Here, the domain must end with .domain.com and must not contain demo anywhere beforehand in order to match.
There's no need for regex in your case!
You said you need to allow only one specific subdomain. So add this subdomain in a ACL and allow access to it.
acl allowed_subdomain dstdomain test.demo.example.com
acl blocked_domain dstdomain .example.com
http_access allow allowed_subdomain
http_access deny blocked_domain
http_access deny all
Explanation:
Squid will read the config file looking for a match and the first one it encounters it ends it's job.
Related
This Regex finds URLs that begin with http and https
https?:\/\/(www\.)?[-a-zA-Z0-9#:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9#:%_\+.~#?&//=]*)
I am trying to figure out how to modify this to including those URLs which omit the http or https part. I understand that these are called 'Protocol-relative URLs'
example: //example.com and not http://example.com
Simply make the protocol part optional:
(https?:)?(\/\/)?(www\.)?[-a-zA-Z0-9#:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9#:%_\+.~#?&//=]*)
By the way I assume you really wanted example.com and not //example.com (since no one writes a URL that way).
Static Website Hosting is activated.
Is it possible to redirect Amazon S3 objects which consists of trailing forward slashes using redirection rules?
From my understanding when a trailing forward slash object is accessed in the browser (basically a "directory"), S3 defaults to index.html within the directory. However, many of the directories do not consist of an index.html. The "directory" without the trailing slash redirects like expected to the Error Document explicitly set. Accessing the object with the trailing slash will download an empty object, which I am trying to avoid. Preferably I would like to redirect the trailing slash object to the error document.
Sadly this is an S3 issue.
You might be able to workaround the issue using a Lambda#Edge script, but this will increase costs.
If you use Cloudflare or something similar, you can add some redirection rules. Add / before ? and add more rules about parameter you need. Which helped to me.
I just add in Cloudflare URL Query string => contain => utm string params
My recommendation would be to make sure all your marketing campaigns include the trailing slash. This will make your site load faster as well, because it removes one round trip.
I noticed a strange behaviour in firewall pattern configuration in Symfony 2.3 in windows7.
Simply put, if I use this configuration:
support:
pattern: /support/*
My route is recognized and security token put under the right firewall.
If I use a regexp configuration:
support:
pattern: /support/.*
My route isn't recognized any more and security token does not exists.
How is this possible? .* shouldn't be the correct regexp?
That is not a valid pattern with a start delimiter. Try something like this:
support:
pattern:
^/support/
What is the most efficient regex that will match these domains, without having to specify any rules to ignore?
Example matches:
domain.com
test.com
example.net
company.org
Example Ignore:
dev.domain.com
m.domain.com
www.domain.com
Any top level domain is possible. Essentially I am trying to make sure the domain doesnt already have a 3rd level.
To match a domain with any TLD use this:
^[^.\s]+\.[^.\s]+$
I ask this question here because I think this is more a regex question than an actual varnish question.
What I basically want to do, is to define a list of domains that varnish will cache. There is already an answer given to this, but I want to use a different approach.
Varnish: cache only specific domain
Now the code that is used in this answer is the following:
sub vcl_recv {
# dont cache foo.com or bar.com - optional www
if (req.http.host ~ "(www)?\.(foo|bar)\.com") {
pass;
}
# cache foobar.com - optional www
if ( req.http.host ~ "(www)?\.foobar\.com" ) {
lookup;
}
}
Now what I want is a little different. I have names with different TLD, but I only want to have the non-www version of the domain cached.
So only mydomain.com, or myotherdomain.nl, or yadomain.net
Any other subdomain can be passed to the backend.
If I'm reading your question correctly you have a list with multiple versions of the same website, so both www.foobar.com AND/OR foobar.com and you want to match ONLY foobar.com
If so, you need to back reference with (?<!www). So a search that would only match domains without the preceding www would be (?<!www\.)((?:[^.\s]+)\.(?:com|net|nl))
Hope that helps
EDIT
(?<!www\.)((?:[^.\s]+)\.(?:\w{2,3})) if domains are unknown