Feature #4400

closed

allow aliases to enter *.domain.com to block all subdomains

Added by Bipin Chandra about 9 years ago. Updated about 9 years ago.

Status: Rejected
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 02/10/2015
Due date:
% Done: 0%

Estimated time:
Plus Target Version:
Release Notes:

Description

It would be better if aliases allowed entering a * before a domain in order to block all the different subdomain IPs for a single domain. It would be very effective for filtering traffic to certain sites and their services which can't be filtered by Squid in transparent mode and HTTPS.

A second option would be to allow regex entries, but I know that would be a little tough considering the firewall table needs IP addresses to filter.

Actions #1

Updated by Jim Pingle about 9 years ago

  • Status changed from New to Rejected

That is not possible. Entries must be resolved accurately to have their addresses placed into a table. There is no way, short of sniffing/capturing/proxying DNS, to detect "*.domain.tld", and that is not currently possible nor compatible with the alias mechanisms.

Relying on reverse DNS resolution would be very slow and highly inaccurate for the purpose as well.

Actions #2

Updated by Bipin Chandra about 9 years ago

Well, one possible way would be to set domain overrides in the DNS resolver, but the problem there is that the override applies to all LAN clients. Probably some way to apply those overrides per client would be better, if that's even possible.
