squidGuard: allowlist and subdomains
-
Hi everyone,
I am still struggeling with our squidGuard setup at our school.
The plan: Only allow certain websites for our students and deny all others.
The implementation: For every website/service I want to allow, I've added a target category and specified all (known) domains in the "Domain List". I also added a Group ACL for our students network. I set all target categories to "whitelist" and set "Default Access [all]" to "deny".
....
It works quite well, except I do not quite understand how this setup handles subdomains.
My investigation: when I added "apple.com" to the domain list of a target category, "itunes.apple.com" is blocked. But for our school domain, I only added "hgg-broich.de" and no subdomain is blocked (like foo.hgg-broich.de).
So my question is: how does squidGuard handle subdomains in my "deny all but..." setup? And my followup question: how can I make subdomains work?
Regards
Marcel -
@mrit
Okay, figured it out myself (and with the help of the WayBackMachine). Turns out, subdomains are only included for a domain if the domain is the only entry in the domain list.So makes it very hard for me, to also add subdomains (as wildcard) to my allowlist. Maybe it works using regular expressions...
Source: https://web.archive.org/web/20210727190453/http://www.squidguard.org/Doc/aboutblocking.html