Created
September 19, 2019 19:55
-
-
Save tehlers320/a70b37d11f0e91a5534bcf6f30485281 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| cat ./orbitz-chef/cookbooks/system/resources/squid_client.rb | |
| actions :add, :remove | |
| default_action :add | |
| attribute :http_env, :kind_of => String, :regex => /.*/, :default => "HTTP_PROXY" | |
| attribute :https_env, :kind_of => String, :regex => /.*/, :default => "HTTPS_PROXY" | |
| tehlers@MAC~/git/Orbitz-Legacy$ cat ./orbitz-chef/cookbooks/system/providers/squid_client.rb | |
| use_inline_resources if defined?(use_inline_resources) | |
| def whyrun_supported? | |
| true | |
| end | |
| action :add do | |
| template "/etc/profile.d/squid.sh" do | |
| cookbook "system" | |
| source "squid/sh.erb" | |
| owner "root" | |
| group "root" | |
| mode 0644 | |
| variables(:http_proxy_key => new_resource.http_env, | |
| :https_proxy_key => new_resource.https_env, | |
| :http_proxy => node["system"]["proxy"]["http"], | |
| :https_proxy => node["system"]["proxy"]["http"]) | |
| end | |
| template "/etc/profile.d/squid.csh" do | |
| cookbook "system" | |
| source "squid/csh.erb" | |
| owner "root" | |
| group "root" | |
| mode 0644 | |
| variables(:http_proxy_key => new_resource.http_env, | |
| :https_proxy_key => new_resource.https_env, | |
| :http_proxy => node["system"]["proxy"]["http"], | |
| :https_proxy => node["system"]["proxy"]["http"]) | |
| end | |
| end | |
| action :remove do | |
| file "/etc/profile.d/squid.sh" do | |
| action :delete | |
| end | |
| file "/etc/profile.d/squid.csh" do | |
| action :delete | |
| end | |
| end | |
| cat ./orbitz-chef/roles/squid-proxy.rb | |
| name "squid-proxy" | |
| description "The Squid Proxy machines" | |
| run_list [ | |
| "recipe[chef-client::delete_validation]", | |
| "recipe[chef-client::service]", | |
| "recipe[system]", | |
| "recipe[security]", | |
| "recipe[tanium]", | |
| "recipe[scs_splunkforwarder]", | |
| "recipe[scs_cylance]", | |
| "recipe[logging::rsyslog]", | |
| "recipe[esm]", | |
| # The chef upgrade should always be last | |
| "recipe[system::chef-upgrade]" | |
| ] | |
| default_attributes "wrw" => { | |
| :template => { :os=> "centos6.9", :size => "30G", :version => "1.1" }, | |
| :offering => { :cores=> "2", :ram => "4G" } | |
| }, | |
| "owner_email" => "[email protected]" | |
| cat ~/SRE/squid.prod | |
| # squid 3.1.4 configuration (i.e. CentOS 6) | |
| ########################################### | |
| ################## | |
| ### PRODUCTION ### | |
| ################## | |
| ################## | |
| # Using the transparent proxy port | |
| http_port 3128 | |
| # Explicitly set the file descriptor limit to 16k | |
| # There's a bug in Squid 3.1 where it does not properly honor the squid user's ulimit so we must set this manually | |
| max_filedescriptors 16384 | |
| ## Logging | |
| # Turn on logging | |
| #Disable squid format logging | |
| #access_log /var/log/squid/access.log squid | |
| # Easy to read logging | |
| logformat easy_access %{%F %T}tl %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt | |
| access_log /var/log/squid/easy_access.log easy_access | |
| ### ACLs ### | |
| ## Network access | |
| # We may want to specify this to help with environments later. | |
| acl allowed_srcnetworks src 10.235.0.0/16 | |
| acl allowed_srcnetworks src 10.236.0.0/16 | |
| acl allowed_srcnetworks src 10.253.0.0/16 | |
| acl allowed_srcnetworks src 10.115.0.0/16 | |
| acl allowed_srcnetworks src 10.116.0.0/16 | |
| acl allowed_srcnetworks src 10.222.114.0/24 | |
| acl allowed_srcnetworks src 10.222.117.0/24 | |
| acl allowed_srcnetworks src 10.254.128.0/24 | |
| acl allowed_srcnetworks src 10.100.0.0/16 | |
| acl allowed_srcnetworks src 10.200.0.0/16 | |
| acl allowed_srcnetworks src 127.0.0.1 | |
| ## Remote port access | |
| # Only allow connections to these ports. | |
| acl allowed_dstports port 20 | |
| acl allowed_dstports port 21 | |
| acl allowed_dstports port 22 | |
| acl allowed_dstports port 80 | |
| acl allowed_dstports port 162 | |
| acl allowed_dstports port 443 | |
| acl allowed_dstports port 873 | |
| acl allowed_dstports port 27837 | |
| acl allowed_dstports port 5938 | |
| acl allowed_dstports port 5222 | |
| acl allowed_dstports port 5223 | |
| acl allowed_dstports port 2222 | |
| acl allowed_dstports port 5454 | |
| acl allowed_dstports port 5000 | |
| acl allowed_dstports port 7585 | |
| acl allowed_dstports port 8502 | |
| acl allowed_dstports port 8983 | |
| #LPN-729 | |
| acl allowed_dstports port 2700 | |
| acl allowed_dstports port 8502 | |
| acl allowed_dstports port 9443 | |
| acl allowed_dstports port 27100 | |
| #RFC0054695 | |
| acl allowed_dstports port 50080 | |
| acl ftp_port port 21 | |
| acl ftp proto FTP | |
| ## acl for only http/https use this acl just for http/https | |
| acl allow_onlyhttphttps port 80 | |
| acl allow_onlyhttphttps port 443 | |
| acl CONNECT method CONNECT | |
| #SNG-2158 allow passive ftp | |
| acl allowed_passiveftp port 1025-65535 | |
| acl allow_ftpdomains dstdomain ftp.witthaus.com | |
| acl allow_ftpdomains dstdomain .joinvacation.com | |
| acl allow_ftpdomains dstdomain .mrtgrp.com | |
| acl allow_ftpdomains dstdomain .hawaiianair.com | |
| acl allow_ftpdomains dstdomain .tzell.com | |
| acl allow_ftpdomains dstdomain .wth.com | |
| acl allow_ftpdomains dstdomain .choosechicago.com | |
| acl allow_ftpnetworks dst 203.166.123.156 | |
| acl allow_ftpnetworks dst 69.20.71.10 | |
| acl allow_ftpnetworks dst 65.107.181.217 | |
| acl allow_ftpnetworks dst 209.202.133.83 | |
| acl allow_ftpnetworks dst 38.105.168.226 | |
| acl allow_ftpnetworks dst 206.19.237.91 | |
| #CHG0246214 | |
| acl allow_ftpnetworks dst 64.28.100.217 | |
| ## Remote host access | |
| # Only allow connections to these hosts. | |
| acl allowed_dstdomains dstdomain repos.fedorapeople.org | |
| acl allowed_dstdomains dstdomain media.away.com | |
| acl allowed_dstdomains dstdomain .vmware.com | |
| acl allowed_dstdomains dstdomain .enable-javascript.com | |
| acl allowed_dstdomains dstdomain .vibsdepot.hp.com | |
| acl allowed_dstdomains dstdomain .microsoft.com | |
| acl allowed_dstdomains dstdomain .live.com | |
| acl allowed_dstdomains dstdomain .windowsupdate.com | |
| acl allowed_dstdomains dstdomain .fedoraproject.org | |
| acl allowed_dstdomains dstdomain mirror.math.princeton.edu | |
| acl allowed_dstdomains dstdomain .python.org | |
| # CRQ-85896 / Jira OFB-3331 | |
| acl allowed_dstdomains dstdomain xml.railgds.net | |
| acl allowed_dstdomains dstdomain xml-cert.railgds.net | |
| acl allowed_dstdomains dstdomain xml-cert2.railgds.net | |
| acl allowed_dstdomains dstdomain xml-cert-nex.railgds.net | |
| acl allowed_dstdomains dstdomain xml-cert-pre.railgds.net | |
| # CRQ-92008 / Jira OFB-3860 /RFC0029489 | |
| acl allowed_dstdomains dstdomain superconnect.groundtravel.com | |
| acl allowed_dstdomains dstdomain superconnect-qa.groundtravel.com | |
| acl allowed_dstdomains dstdomain www.seeuthere.com | |
| acl allowed_dstdomains dstdomain www.balwebservice.com | |
| acl allowed_dstdomains dstdomain partnerdev.devlab.iers.ihost.com | |
| acl allowed_dstdomains dstdomain api.tripit.com | |
| acl allowed_dstdomains dstdomain www.tripit.com | |
| acl allowed_dstdomains dstdomain m.tripit.com | |
| # CRQ-86173 | |
| acl allowed_dstdomains dstdomain data.vast.com | |
| # RFC-9567 | |
| acl allowed_dstdomains dstdomain www.orcwebservice.com | |
| # RFC-35490 | |
| acl allowed_dstdomains dstdomain .tdrnr.com | |
| # RFC-36100 | |
| acl allowed_dstdomains dstdomain .rstudio.com | |
| # RFC-13842 | |
| acl allowed_dstdomains dstdomain socialize.gigya.com | |
| #RFC-11956 | |
| acl allowed_dstdomains dstdomain ud-uatprod.pegs.com | |
| #RFC0024575 | |
| acl allowed_dstdomains dstdomain www.concursolutions.com | |
| #sng-1804 | |
| acl allowed_dstdomains dstdomain .parse.com | |
| # RFC-12237 | |
| acl allowed_dstdomains dstdomain ud-uat.pegs.com | |
| #SNG-1797 | |
| acl allowed_dstdomains dstdomain .bwlservice.com | |
| acl allowed_dstdomains dstdomain webservices.atbmyrewards.com | |
| # RFC-12070 | |
| acl allowed_dstdomains dstdomain hosted.datascope.reuters.com | |
| # RFC-11261 | |
| acl allowed_dstdomains dstdomain update.zenoss.org | |
| # RFC-11339 | |
| acl allowed_dstdomains dstdomain whois.arin.net | |
| # RFC-11060 | |
| acl allowed_dstdomains dstdomain centinel300.cardinalcommerce.com | |
| # RFC-11062 | |
| # RFC-935 | |
| acl allowed_dstdomains dstdomain webservices-uat.pegs.com | |
| # CRQ-87642 | |
| acl allowed_dstdomains dstdomain affiliates.hotelclub.com | |
| # CRQ-91123 | |
| acl allowed_dstdomains dstdomain www.dealbase.com | |
| # CRQ-92948 | |
| acl allowed_dstdomains dstdomain feed2js.org | |
| # CRQ-93077 | |
| acl allowed_dstdomains dstdomain enterprise.mysql.com | |
| acl allowed_dstdomains dstdomain support.mysql.com | |
| # CRQ-94169 | |
| acl allowed_dstdomains dstdomain api-verify.recaptcha.net | |
| # CRQ-95206 | |
| acl allowed_dstdomains dstdomain r2.efrontier.com | |
| # CRQ-95374 | |
| acl allowed_dstdomains dstdomain away.whatcounts.com | |
| acl allowed_dstdomains dstdomain .facebook.com | |
| #RFC-15111 | |
| acl allowed_dstdomains dstdomain .service-now.com | |
| #RFC0017424 | |
| acl allowed_dstdomains dstdomain .appannie.com | |
| #RFC0018947 | |
| acl allowed_dstdomains dstdomain .vfmii.com | |
| acl allowed_dstdomains dstdomain .oww.root.lcl | |
| #RFC0026025 | |
| acl allowed_dstdomains dstdomain .rewardsmall.biz | |
| # RFC 15646 | |
| acl allowed_dstdomains dstdomain ocsp.verisign.net | |
| acl allowed_dstdomains dstdomain crl.verisign.net | |
| # CRQ-95878 | |
| acl allowed_dstdomains dstdomain .marketingsolutions.yahoo.com | |
| acl allowed_dstdomains dstdomain .ysm.yahoodns.net | |
| acl allowed_dstdomains dstdomain schemas.xmlsoap.org | |
| acl allowed_dstdomains dstdomain adcenter.microsoft.com.nsatc.net | |
| acl allowed_dstdomains dstdomain adcenterapi.microsoft.com.nsatc.net | |
| acl allowed_dstdomains dstdomain adcenterapidownload.microsoft.com.nsatc.net | |
| acl allowed_dstdomains dstdomain sharedservices.adcenterapi.microsoft.com.nsatc.net | |
| #RFC0030256 | |
| acl allowed_dstdomains dstdomain registry.npmjs.org | |
| # CRQ 95651 | |
| acl allowed_dstdomains dstdomain travel.data.vast.com | |
| # CRQ 96288 | |
| acl allowed_dstdomains dstdomain .omniture.com | |
| # CRQ-100728 | |
| acl allowed_dstdomains dstdomain www.cfmedia.vfmleonardo.com | |
| acl allowed_dstdomains dstdomain .cloudfront.net | |
| #INS-2978 | |
| acl allowed_dstdomains dstdomain gateway.americas.allianzassistance.com | |
| acl allowed_dstdomains dstdomain qagateway.americas.allianzassistance.com | |
| acl allowed_dstdomains dstdomain uatgateway.americas.allianzassistance.com | |
| # Needed for Solaris downloads | |
| # CRQ-102282 | |
| # Commented out as it's added since it's needed by SYSENG. | |
| # acl allowed_dstdomains dstdomain ccr.oracle.com | |
| acl allowed_dstdomains dstdomain transport.sun.com | |
| #config to upload sun explorer | |
| acl allowed_dstdomains dstdomain supportfiles.sun.com | |
| # CRQ-102785 | |
| acl allowed_dstdomains dstdomain deals.trip.travelscream.com | |
| acl allowed_dstdomains dstdomain clientcache.travelscream.com | |
| acl allowed_dstdomains dstdomain cdnet1.travelscream.com | |
| acl allowed_dstdomains dstdomain n3.panthercdn.com | |
| # CRQ-103646 BloomReach domains | |
| acl allowed_dstdomains dstdomain bsapi-e.brsrvr.com | |
| acl allowed_dstdomains dstdomain bsapi-test.brsrvr.com | |
| acl allowed_dstdomains dstdomain .amazonaws.com | |
| # CRQ-106656 | |
| acl allowed_dstdomains dstdomain sftp.webtrends.com | |
| # RFC-14500 | |
| acl allowed_dstdomains dstdomain ftp.worldspan.net | |
| # CRQ-107694 | |
| acl allowed_dstdomains dstdomain asptest.expenseanywhere.com | |
| # CRQ-###### | |
| acl allowed_dstdomains dstdomain .kernel.org | |
| acl allowed_dstdomains dstdomain mirror.ncsa.illinois.edu | |
| acl allowed_dstdomains dstdomain mirror.anl.gov | |
| acl allowed_dstdomains dstdomain mirror.cs.pitt.edu | |
| acl allowed_dstdomains dstdomain vault.centos.org | |
| acl allowed_dstdomains dstdomain debuginfo.centos.org | |
| acl allowed_dstdomains dstdomain mirror.centos.org | |
| acl allowed_dstdomains dstdomain .oracle.com | |
| acl allowed_dstdomains dstdomain .ubuntu.com | |
| acl allowed_dstdomains dstdomain .opscode.com | |
| acl allowed_dstdomains dstdomain cloudstack.apt-get.eu | |
| acl allowed_dstdomains dstdomain sunfreeware.mirrors.tds.net | |
| acl allowed_dstdomains dstdomain downloads.linux.hp.com | |
| acl allowed_dstdomains dstdomain ftp.hp.com | |
| acl allowed_dstdomains dstdomain .infoblox.com | |
| # Emergenc 20110829 1259 | |
| acl allowed_dstdomains dstdomain .perl.org | |
| acl allowed_dstdomains dstdomain cpan.cs.utah.edu | |
| # Emergency change for ebookers DOS captcha fix | |
| acl allowed_dstdomains dstdomain www.captchas.net | |
| # CRQ-110218 | |
| acl allowed_dstdomains dstdomain services.onthesnow.com | |
| acl allowed_dstdomains dstdomain blog.trip.com | |
| # CRQ-110712 | |
| acl allowed_dstdomains dstdomain .gomeznetworks.com | |
| acl allowed_dstdomains dstdomain .edgekey.net | |
| acl allowed_dstdomains dstdomain .akamaiedge.net | |
| # RFC 17819 | |
| acl allowed_dstdomains dstdomain .internetpulse.net | |
| # RFC 17881 | |
| acl allowed_dstdomains dstdomain .maxmind.com | |
| # RFC 15005 | |
| acl allowed_dstdomains dstdomain .gomez.com | |
| # RFC 23021 | |
| acl allowed_dstdomains dstdomain .ql2.com | |
| # RFC 24159 | |
| acl allowed_dstdomains dstdomain .connectrmwebservices.com | |
| # RFC 24231 | |
| acl allowed_dstdomains dstdomain .alldata.net | |
| # CRQ000000111653 | |
| #RFC-20285 | |
| acl allowed_dstdomains dstdomain .paypal.com | |
| # CRQ112313 | |
| acl allowed_dstdomains dstdomain .responsys.net | |
| # Needed for CDH repository | |
| acl allowed_dstdomains dstdomain archive.mapr.com | |
| # RFC221 | |
| acl allowed_dstdomains dstdomain away.prd.xif.com | |
| # RFC52 | |
| acl allowed_dstdomains dstdomain www.demandmatrix.net | |
| acl allowed_dstdomains dstdomain partner.hbsconnect.com | |
| acl allowed_dstdomains dstdomain uat.hbsconnect.com | |
| # RFC463 | |
| acl allowed_dstdomains dstdomain www.ratestogo.com | |
| # RFC769 | |
| # RFCn | |
| acl allowed_dstdomains dstdomain webservices.as.sabre.com | |
| #RFC0000487 | |
| acl allowed_dstdomains dstdomain sws-crt.as.cert.sabre.com | |
| # RFC839 | |
| acl allowed_dstdomains dstdomain blogs.away.com | |
| # RFC3083 | |
| acl allowed_dstdomains dstdomain www.urbanadventures.com | |
| # RFC-3243 | |
| acl allowed_dstdomains dstdomain .netfundstest.com | |
| # RFC766 | |
| acl allowed_dstdomains dstdomain away.com | |
| acl allowed_dstdomains dstdomain travelnet.aigtravel.com | |
| acl allowed_dstdomains dstdomain waatsgatexml.aigtravel.com | |
| acl allowed_dstdomains dstdomain .expedia.com | |
| acl allowed_dstdomains dstdomain vfmleonardo.com | |
| acl allowed_dstdomains dstdomain .hotels.com | |
| acl allowed_dstdomains dstdomain onstreammedia.com | |
| acl allowed_dstdomains dstdomain .travelocity.com | |
| acl allowed_dstdomains dstdomain .insurancebookers.be | |
| acl allowed_dstdomains dstdomain .insurancebookers.de | |
| acl allowed_dstdomains dstdomain .insurancebookers.es | |
| acl allowed_dstdomains dstdomain .insurancebookers.fr | |
| acl allowed_dstdomains dstdomain .insurancebookers.ie | |
| acl allowed_dstdomains dstdomain .insurancebookers.it | |
| acl allowed_dstdomains dstdomain .insurancebookers.nl | |
| acl allowed_dstdomains dstdomain .insurancebookers.com | |
| acl allowed_dstdomains dstdomain .insurancebookers.co.uk | |
| acl allowed_dstdomains dstdomain orbitz-ir.com | |
| acl allowed_dstdomains dstdomain .opencuba.org | |
| acl allowed_dstdomains dstdomain phx.corporate-ir.net | |
| acl allowed_dstdomains dstdomain .ccbn.com | |
| acl allowed_dstdomains dstdomain .ebookers.com | |
| acl allowed_dstdomains dstdomain .carbookers.com | |
| acl allowed_dstdomains dstdomain .tnetnoc.com | |
| acl allowed_dstnetworks dst 198.151.60.0/23 | |
| acl allowed_dstnetworks dst 216.75.197.71 | |
| acl allowed_dstnetworks dst 72.3.207.49 | |
| #SNG-2017 add all google IP blocks | |
| acl allowed_dstnetworks dst 108.170.192.0/18 | |
| acl allowed_dstnetworks dst 108.177.0.0/17 | |
| acl allowed_dstnetworks dst 142.250.0.0/15 | |
| acl allowed_dstnetworks dst 172.217.0.0/16 | |
| acl allowed_dstnetworks dst 172.253.0.0/16 | |
| acl allowed_dstnetworks dst 173.194.0.0/16 | |
| acl allowed_dstnetworks dst 192.178.0.0/15 | |
| acl allowed_dstnetworks dst 198.108.100.192/28 | |
| acl allowed_dstnetworks dst 207.223.160.0/20 | |
| acl allowed_dstnetworks dst 209.185.108.128/25 | |
| acl allowed_dstnetworks dst 209.85.128.0/17 | |
| acl allowed_dstnetworks dst 216.109.75.80/28 | |
| acl allowed_dstnetworks dst 216.239.32.0/19 | |
| acl allowed_dstnetworks dst 216.58.192.0/19 | |
| acl allowed_dstnetworks dst 4.3.2.0/24 | |
| acl allowed_dstnetworks dst 64.233.160.0/19 | |
| acl allowed_dstnetworks dst 64.68.64.64/26 | |
| acl allowed_dstnetworks dst 64.68.80.0/21 | |
| acl allowed_dstnetworks dst 64.68.88.0/21 | |
| acl allowed_dstnetworks dst 66.102.0.0/20 | |
| acl allowed_dstnetworks dst 66.249.64.0/19 | |
| acl allowed_dstnetworks dst 70.32.128.0/19 | |
| acl allowed_dstnetworks dst 72.14.192.0/18 | |
| acl allowed_dstnetworks dst 74.125.0.0/16 | |
| acl allowed_dstnetworks dst 8.8.4.0/24 | |
| acl allowed_dstnetworks dst 8.8.8.0/24 | |
| ############ END GOOGLE BLOCK########### | |
| #RFC32748 | |
| acl allowed_dstnetworks dst 216.201.108.38 | |
| acl allowed_dstnetworks dst 216.201.109.44 | |
| acl allowed_dstnetworks dst 216.201.108.45 | |
| acl allowed_dstnetworks dst 216.201.108.55 | |
| # RFC4516 | |
| acl allowed_dstnetworks dst 69.20.71.10 | |
| # RFC1366 | |
| acl allowed_dstdomains dstdomain sales.liveperson.net | |
| acl allowed_dstdomains dstdomain gateway.worldaccess.com | |
| acl allowed_dstdomains dstdomain www.securesurveywave.com | |
| acl allowed_dstdomains dstdomain surveywave.com | |
| acl allowed_dstdomains dstdomain www.wrightexpresscorpcard.com | |
| # RFC-27922 | |
| acl allowed_dstdomains dstdomain .rg-products.com | |
| # RFC897 | |
| acl allowed_dstdomains dstdomain ccuapi.akamai.com | |
| acl allowed_dstdomains dstdomain ccuapi.ccu.akadns.net | |
| # RFC1027 | |
| acl allowed_dstdomains dstdomain asp1.expenseanywhere.com | |
| ## Disallow cache on certain domains. | |
| acl nocache_dstdomains dstdomain .revolutionanalytics.com | |
| # RFC-1267 View RFC-340 | |
| acl allowed_dstdomains dstdomain .wikitravel.org | |
| # RFC-1280 | |
| acl allowed_dstdomains dstdomain .livingsocial.com | |
| # RFC-1316 | |
| acl allowed_dstdomains dstdomain itabis.itasoftware.com | |
| # RFC-1591 | |
| acl allowed_dstdomains dstdomain notify.in.tellme.com | |
| # INC0077631 | |
| acl allowed_dstdomains dstdomain notify.outbound.tellme.com | |
| # RFC-1808 | |
| acl allowed_dstdomains dstdomain www.limos.com | |
| # RFC-4981 | |
| acl allowed_dstdomains dstdomain .rest.akismet.com | |
| #RFC 2217 | |
| acl allowed_dstdomains dstdomain webservices.pegs.com | |
| #RFC 2399 | |
| acl allowed_dstdomains dstdomain .atlassian.com | |
| acl allowed_dstdomains dstdomain .feedburner.com | |
| acl allowed_dstdomains dstdomain .twitter.com | |
| acl allowed_dstdomains dstdomain .orbitz.com | |
| acl allowed_dstdomains dstdomain .orbitz.net | |
| acl allowed_dstdomains dstdomain .cheaptickets.com | |
| acl allowed_dstdomains dstdomain www.wotzwot.com | |
| acl allowed_dstdomains dstdomain .google.com | |
| acl allowed_dstdomains dstdomain .gstatic.com | |
| acl allowed_dstdomains dstdomain .bing.com | |
| acl allowed_dstdomains dstdomain .flite.com | |
| acl allowed_dstdomains dstdomain .youtube.com | |
| acl allowed_dstdomains dstdomain .nessus.org | |
| #RFC31345 | |
| acl allowed_dstdomains dstdomain easyrewards.tdbank.com | |
| #RFC-2426 | |
| acl allowed_dstdomains dstdomain gateway.americas.allianz-assistance.com | |
| acl allowed_dstdomains dstdomain uatgateway.americas.allianz-assistance.com | |
| #RFC-2415 | |
| acl allowed_dstdomains dstdomain uatgateway.mondialusa.com | |
| acl allowed_dstdomains dstdomain gateway.mondialusa.com | |
| #RFC-2622 | |
| acl allowed_dstdomains dstdomain .gems.rubyforge.org | |
| acl allowed_dstdomains dstdomain .rubygems.org | |
| acl allowed_dstdomains dstdomain .gitorious.org | |
| acl allowed_dstdomains dstdomain rubygems.global.ssl.fastly.net | |
| #RFC-2747 | |
| acl allowed_dstdomains dstdomain .github.com | |
| #Netapp proxy rules | |
| acl allowed_dstdomains dstdomain .netapp.com | |
| #RFC0003023 | |
| acl allowed_dstdomains dstdomain partner.gers.ihost.com | |
| #RFC0003090 | |
| acl allowed_dstdomains dstdomain .myagentdesktop.com | |
| acl allowed_dstdomains dstdomain www.hotelclub.com | |
| acl allowed_dstdomains dstdomain .iseatz.com | |
| #RFC0003029 | |
| acl allowed_dstdomains dstdomain Udorb2avail.pegs.com | |
| ##RFC0002672 | |
| acl allowed_dstdomains dstdomain api.travelfusion.com | |
| acl allowed_dstdomains dstdomain apipri.travelfusion.com | |
| acl allowed_dstdomains dstdomain api.pri.travelfusion.com | |
| acl allowed_dstdomains dstdomain apialt.travelfusion.com | |
| acl allowed_dstdomains dstdomain api.alt.travelfusion.com | |
| #RFC0003773 | |
| acl allowed_dstdomains dstdomain www.explore.co.uk | |
| #RFC0003822 | |
| acl allowed_dstdomains dstdomain services.encompass-suite.com | |
| #RFC0003845 | |
| acl allowed_dstdomains dstdomain interface.octopustravel.com | |
| acl allowed_dstdomains dstdomain .gta-travel.com | |
| #RFC0004063 | |
| acl allowed_dstdomains dstdomain .triseptapi.com | |
| #RFC0004168 | |
| acl allowed_dstdomains dstdomain .travelport.com | |
| #RFC0004451 | |
| acl allowed_dstdomains dstdomain www.exploreworldwide.com | |
| #RFC0004615 | |
| acl allowed_dstdomains dstdomain webservices.sabre.com | |
| #RFC0004762 | |
| acl allowed_dstdomains dstdomain .netfunds.com | |
| #RFC0004702 | |
| acl allowed_dstdomains dstdomain .trisetpapi.com | |
| #RFC0005028 | |
| acl allowed_dstdomains dstdomain .wp-plugins.org | |
| acl allowed_dstdomains dstdomain .wordpress.org | |
| acl allowed_dstdomains dstdomain .pingomatic.com | |
| acl allowed_dstdomains dstdomain .w3.org | |
| acl allowed_dstdomains dstdomain .ask.com | |
| acl allowed_dstdomains dstdomain .yahooapis.com | |
| #RFC0005294 | |
| acl allowed_dstdomains dstdomain .experiannet.com | |
| acl allowed_dstdomains dstdomain .americanexpress.com | |
| #RFC5246 | |
| acl allowed_dstdomains dstdomain free.worldweatheronline.com | |
| acl allowed_dstdomains dstdomain trails.gorp.com | |
| #RFC0005370 | |
| acl allowed_dstdomains dstdomain .googleapis.com | |
| #RFC0020003 | |
| acl allowed_dstdomains dstdomain .innovata-llc.com | |
| #SNG-16137 | |
| acl allowed_dstdomains dstdomain .experian.com | |
| #RFC0005837 | |
| acl allowed_dstdomains dstdomain fsgateway.aexp.com | |
| acl allowed_dstdomains dstdomain fsgatewaytest.aexp.com | |
| #RFC0006705 | |
| acl allowed_dstdomains dstdomain image.pegs.com | |
| acl allowed_dstdomains dstdomain images.pegs.com | |
| acl allowed_dstdomains dstdomain images.octopustravel.com | |
| acl allowed_dstdomains dstdomain .pathviewcloud.com | |
| #RFC0007528 | |
| acl allowed_dstdomains dstdomain .zenoss.com | |
| #RFC0008079,8086 | |
| acl allowed_dstdomains dstdomain xmlapi7.partners.de | |
| acl allowed_dstdomains dstdomain xmlapi2.partners.de | |
| #RFC0008593 Jenkins Masters Acess | |
| acl allowed_dstdomains dstdomain download.infradna.com | |
| acl allowed_dstdomains dstdomain .cloudbees.com | |
| acl allowed_dstdomains dstdomain .jenkins-ci.org | |
| #RFC8547 | |
| acl allowed_dstdomains dstdomain quote.yahoo.com | |
| acl allowed_dstdomains dstdomain .finance.yahoo.com | |
| #RFC9197 | |
| acl allowed_dstdomains dstdomain saas-monitor.saas.appdynamics.com | |
| #RFC0012186 | |
| acl allowed_dstdomains dstdomain .webex.com | |
| #RFC0012933 | |
| acl allowed_dstdomains dstdomain .arccorp.com | |
| #RFC0012571 | |
| acl allowed_dstdomains dstdomain .cisco.com | |
| acl allowed_dstdomains dstdomain ftp.ctiusa.com | |
| #RFC0014164 | |
| acl allowed_dstdomains dstdomain .traveltrax.com | |
| #RFC-18765 | |
| acl allowed_dstdomains dstdomain sftp.senderscore.net | |
| #RFC-18922-18923 | |
| acl allowed_dstdomains dstdomain .salesforce.com | |
| #RFC-22425-22426 | |
| acl allowed_dstdomains dstdomain .zipcodedownload.com | |
| #RFC0023300 | |
| acl allowed_dstdomains dstdomain txfiles.tradedoubler.com | |
| #EMERGENCY RFC | |
| acl allowed_dstdomains dstdomain bos.wspan.com | |
| #RFC0015036 | |
| acl allowed_dstdomains dstdomain .coupadev.com | |
| acl allowed_dstdomains dstdomain .xpenser.com | |
| #Sales chart (rargeanton) | |
| acl allowed_dstdomains dstdomain .traveltechtools.com | |
| acl allowed_dstdomains dstdomain .commissionliveupdates.com | |
| #RFC16357 | |
| acl allowed_dstdomains dstdomain .alipay.net | |
| acl allowed_dstdomains dstdomain .alipay.com | |
| #SNG-1961 | |
| acl allowed_dstdomains dstdomain .routehappy.com | |
| #RFC19031 | |
| acl allowed_dstdomains dstdomain .thermeon.eu | |
| acl allowed_dstdomains dstdomain .cmh.co.za | |
| acl allowed_dstdomains dstdomain .jimpisoft.pt | |
| acl allowed_dstdomains dstdomain .hertz.com | |
| acl allowed_dstdomains dstdomain .interrent.com | |
| acl allowed_dstdomains dstdomain .pepecar.com | |
| acl allowed_dstdomains dstdomain .recordgo-reservas.com | |
| acl allowed_dstdomains dstdomain .sbc.it | |
| #RFC-24981 | |
| acl allowed_dstdomains dstdomain .jfrog.org | |
| acl allowed_dstdomains dstdomain .springsource.org | |
| acl allowed_dstdomains dstdomain .googlecode.com | |
| acl allowed_dstdomains dstdomain .sonatype.org | |
| acl allowed_dstdomains dstdomain .lds.org | |
| acl allowed_dstdomains dstdomain .cloudera.com | |
| acl allowed_dstdomains dstdomain .restlet.org | |
| acl allowed_dstdomains dstdomain .codehaus.org | |
| acl allowed_dstdomains dstdomain .nginx.org | |
| acl allowed_dstdomains dstdomain .couchbase.com | |
| acl allowed_dstdomains dstdomain .artifactoryonline.com | |
| acl allowed_dstdomains dstdomain .grails.org | |
| acl allowed_dstdomains dstdomain .apache.org | |
| acl allowed_dstdomains dstdomain .clojars.org | |
| acl allowed_dstdomains dstdomain .gradle.org | |
| acl allowed_dstdomains dstdomain .eclipse.org | |
| acl allowed_dstdomains dstdomain .glassfish.org | |
| acl allowed_dstdomains dstdomain .maven.org | |
| acl allowed_dstdomains dstdomain .java.net | |
| acl allowed_dstdomains dstdomain .jboss.org | |
| acl allowed_dstdomains dstdomain .springframework.org | |
| acl allowed_dstdomains dstdomain .spring.io | |
| acl allowed_dstdomains dstdomain .googleusercontent.com | |
| acl allowed_dstdomains dstdomain .blogspot.com | |
| acl allowed_dstdomains dstdomain .doubleclickusercontent.com | |
| acl allowed_dstdomains dstdomain .doubleclick.net | |
| acl allowed_dstdomains dstdomain .ggpht.com | |
| acl allowed_dstdomains dstdomain .googledrive.com | |
| acl allowed_dstdomains dstdomain .googlesyndication.com | |
| #RFC-25529 | |
| acl allowed_dstdomains dstdomain .signalhq.com | |
| #RFC0027329 | |
| acl allowed_dstdomains dstdomain .symcb.com | |
| acl allowed_dstdomains dstdomain .symantec.com | |
| #RFC0025994 | |
| acl allowed_dstdomains dstdomain .onmicrosoft.com | |
| acl allowed_dstdomains dstdomain .office.com | |
| acl allowed_dstdomains dstdomain .microsoftonline.com | |
| #RFC0027128 | |
| acl allowed_dstdomains dstdomain .aadrm.com | |
| acl allowed_dstdomains dstdomain .activedirectory.windowsazure.com | |
| acl allowed_dstdomains dstdomain .lync.com | |
| acl allowed_dstdomains dstdomain .microsoftonline-p.com | |
| acl allowed_dstdomains dstdomain .microsoftonline-p.net | |
| acl allowed_dstdomains dstdomain .microsoftonlineimages.com | |
| acl allowed_dstdomains dstdomain .microsoftonlinesupport.net | |
| acl allowed_dstdomains dstdomain .msecnd.net | |
| acl allowed_dstdomains dstdomain .msocnd.com | |
| acl allowed_dstdomains dstdomain .msn.com | |
| acl allowed_dstdomains dstdomain .msn.co.jp | |
| acl allowed_dstdomains dstdomain .msn.co.uk | |
| acl allowed_dstdomains dstdomain .office.net | |
| acl allowed_dstdomains dstdomain .office365.com | |
| acl allowed_dstdomains dstdomain .outlook.com | |
| acl allowed_dstdomains dstdomain .phonefactor.net | |
| acl allowed_dstdomains dstdomain .Sharepointonline.com | |
| #RFC0025994 | |
| acl allowed_dstdomains dstdomain .serengetilaw.com | |
| #SNG-2207 | |
| acl allowed_dstdomains dstdomain .docker.io | |
| acl allowed_dstdomains dstdomain .hostip.info | |
| #NNG-1444 | |
| acl allowed_dstdomains dstdomain .webservices.amadeus.com | |
| #SNG-2020 | |
| acl allowed_dstdomains dstdomain .flairview.com | |
| #RFC0026251 | |
| acl allowed_dstdomains dstdomain .gttechonline.com | |
| acl allowed_dstdomains dstdomain .fmaudit.com | |
| acl allowed_dstdomains dstdomain fmaudit.austin.hp.com | |
| acl allowed_dstdomains dstdomain .ecisolutions.com | |
| #RFC0028414 | |
| acl allowed_dstdomains dstdomain .giatamedia.com | |
| #SNG-2037 | |
| acl allowed_dstdomains dstdomain .intentmedia.net | |
| acl allowed_dstdomains dstdomain subscription.rhn.redhat.com | |
| acl allowed_dstdomains dstdomain cdn.redhat.com | |
| #IBEX example of only letting ports on a site basis rather than all the ports ever added | |
| #allow_onlyhttphttps acl can used goign forward etc.. | |
| acl allow_ibexhost dstdomain client.ibexglobal.com | |
| acl allow_ibexip dst 184.180.25.88 | |
| acl allow_ibexports port 10010 | |
| http_access allow allowed_srcnetworks allow_ibexhost allow_onlyhttphttps | |
| http_access allow allowed_srcnetworks allow_ibexip allow_onlyhttphttps | |
| http_access allow allowed_srcnetworks allow_ibexip allow_ibexports | |
| #SNG-1575 included in google blocks. | |
| #acl allowed_dstnetworks dst 216.239.32.37 | |
| acl allowed_dstnetworks dst 213.98.78.118 | |
| acl allowed_dstnetworks dst 217.75.7.228 | |
| acl allowed_dstnetworks dst 216.113.156.102 | |
| acl allowed_dstnetworks dst 195.23.97.89 | |
| ## Process ACLs | |
| #cache deny nocache_dstdomains | |
| # By hostname | |
| http_access allow allowed_srcnetworks nocache_dstdomains allowed_dstports | |
| always_direct allow allowed_srcnetworks nocache_dstdomains FTP | |
| #http_access allow allowed_srcnetworks allowed_dstdomains ftp | |
| #RFC0016021 | |
| acl allowed_dstdomains dstdomain reporting.linkshare.com | |
| #RFC0026024 | |
| acl allowed_dstdomains dstdomain .bintray.com | |
| #RFC0026300 | |
| acl allowed_dstdomains dstdomain soap.iovation.com | |
| #RFC0026045 | |
| acl allowed_dstdomains dstdomain pal-test.adyen.com | |
| acl allowed_dstdomains dstdomain pal-live.adyen.com | |
| #RFC0033801 | |
| acl allowed_dstdomains dstdomain ca-live.adyen.com | |
| acl allowed_dstdomains dstdomain live.adyen.com | |
| #RFC0027893 | |
| acl allowed_dstnetworks dst 213.63.184.227 | |
| #RFC0028220 | |
| acl allowed_dstdomains dstdomain .expensewire.com | |
| #RFC0028488 | |
| acl allowed_dstdomains dstdomain .iceportal.com | |
| #RFC0029050 | |
| acl allowed_dstdomains dstdomain .accertify.net | |
| acl allowed_dstdomains dstdomain ftpupload.giatamedia.de | |
| #RFC0028704 | |
| acl allowed_dstdomains dstdomain prdftp.amadeuslink.com | |
| #RFC0029705 | |
| acl allowed_dstdomains dstdomain .choicehotels.com | |
| acl allowed_dstdomains dstdomain .arxscan.com | |
| acl allowed_dstdomains dstdomain .arxview.net | |
| #RFC0031130 | |
| acl allowed_dstdomains dstdomain ftp1.vortexsolution.com | |
| #RFC31333 | |
| acl allowed_dstdomains dstdomain .bitbucket.org | |
| #CD-1555 | |
| acl allowed_dstdomains dstdomain raw.githubusercontent.com | |
| #RFC0031185 | |
| acl allowed_dstdomains dstdomain sandbox.secure.checkout.visa.com | |
| #RFC0031602 | |
| acl allowed_dstdomains dstdomain build.shibboleth.net | |
| #RFC0031621,RFC0031622 | |
| acl allowed_dstdomains dstdomain secure.checkout.visa.com | |
| #RFC0031803 | |
| acl allowed_dstdomains dstdomain .tripadvisor.com | |
| #RFC0032228 | |
| acl allowed_dstdomains dstdomain .nodejs.org | |
| #RFC0032872 | |
| acl allowed_dstdomains dstdomain .amazonaws.com.cn | |
| acl allowed_dstdomains dstdomain .amazonaws.cn | |
| #RFC37180 | |
| acl allowed_dstdomains dstdomain .continuum.io | |
| acl allowed_dstdomains dstdomain .binstar.org | |
| #RFC0033060 | |
| acl allowed_dstdomains dstdomain ftp.ussg.iu.edu | |
| #RFC0033725 | |
| acl allowed_dstdomains dstdomain ftp-chi.osuosl.org | |
| acl allowed_dstdomains dstdomain api.bazaarvoice.com | |
| #RFC0033184 | |
| acl allowed_dstnetworks dst 65.51.32.40 | |
| acl allowed_dstnetworks dst 8.36.68.11 | |
| #RFC0033461 - SNG-2302 | |
| acl allowed_dstdomains dstdomain sgw.travelpn.com | |
| acl allowed_dstdomains dstdomain sgw.test.travelpn.com | |
| #RFC0033593 | |
| acl allowed_dstdomains dstdomain .newsweaver.com | |
| #RFC0034390 | |
| acl allowed_dstdomains dstdomain .sas.com | |
| #RFC0036309 | |
| #changing this to all b of a domains | |
| acl allowed_dstdomains dstdomain .bankofamerica.com | |
| #RFC0036650 | |
| acl allowed_dstdomains dstdomain .wordpress.com | |
| #RFC0037169 | |
| acl allowed_dstdomains dstdomain cde.zanox.com | |
| acl allowed_dstdomains dstdomain data.tradedoubler.com | |
| acl allowed_dstdomains dstdomain ebooker.ftp.hosting.next-idea.fr | |
| acl allowed_dstdomains dstdomain ftp.bgenius.com | |
| acl allowed_dstdomains dstdomain ftp.kenshoo.com | |
| acl allowed_dstdomains dstdomain ftps.zanox.com | |
| acl allowed_dstdomains dstdomain reports-tragr.tradedoubler.com | |
| acl allowed_dstdomains dstdomain reports.tradedoubler.com | |
| acl allowed_dstdomains dstdomain s223331446.onlinehome.us | |
| acl allowed_dstdomains dstdomain sftp.runwaynine.com | |
| acl allowed_dstdomains dstdomain sftp.trivago.com | |
| acl allowed_dstdomains dstdomain ws.orbitzworldwide.com | |
| acl allowed_dstdomains dstdomain www.hotelbookers.com | |
| acl allowed_dstdomains dstdomain www.tradedoubler.com | |
| acl allowed_dstdomains dstdomain .seiservice.com | |
| acl allowed_dstdomains dstdomain .teamviewer.com | |
| #RFC0038001 | |
| acl allowed_dstdomains dstdomain www.oanda.com | |
| acl allowed_dstdomains dstdomain centinel800.cardinalcommerce.com | |
| acl allowed_dstdomains dstdomain onlinetravel.maritz.com | |
| acl allowed_dstdomains dstdomain geoservices.sabre.com | |
| acl allowed_dstdomains dstdomain wsie0.rbc.com | |
| acl allowed_dstdomains dstdomain rbcrewards.ernex.com | |
| acl allowed_dstdomains dstdomain xml.gasbuddy.com | |
| acl allowed_dstnetworks dst 70.47.187.16 | |
| acl allowed_dstnetworks dst 70.47.187.15 | |
| #LPN-729 | |
| acl allowed_dstdomains dstdomain .wctravel.com | |
| acl allowed_dstdomains dstdomain .res99.com | |
| acl allowed_dstdomains dstdomain h-api.online-metrix.net | |
| acl allowed_dstdomains dstdomain wsie1.sterbc.com | |
| acl allowed_dstdomains dstdomain mmeagentcopy.ernexinsight.com | |
| acl allowed_dstdomains dstdomain ionxml-rewards.capitalone.com | |
| acl allowed_dstnetworks dst 65.204.56.25 | |
| acl allowed_dstnetworks dst 65.204.56.26 | |
| #RFC0036930 | |
| acl allowed_dstdomains dstdomain hooks.slack.com | |
| #RFC0037720 | |
| acl allowed_dstdomains dstdomain .wordfence.com | |
| #RFC0038174 | |
| acl allowed_dstdomains dstdomain travelcenter.fiacardservices.com | |
| acl allowed_dstdomains dstdomain travelcenter.ml.com | |
| #RFC0038017 | |
| acl allowed_dstdomains dstdomain stg.farelogix.com | |
| #RFC0038277 | |
| acl allowed_dstdomains dstdomain api.farelogix.com | |
| #RFC0038681 | |
| acl allowed_dstdomains dstdomain .magroup-webservice.com | |
| #RFC0038925 | |
| acl allowed_dstdomains dstdomain .dhisco.com | |
| #RFC0039060 | |
| acl allowed_dstdomains dstdomain www.kayak.com | |
| #RFC0039780 | |
| acl allowed_dstdomains dstdomain wsdl-crt.cert.sabre.com | |
| acl allowed_dstdomains dstdomain files.developer.sabre.com | |
| #RFC0039827 | |
| acl allowed_dstnetworks dst 174.142.139.133 | |
| acl allowed_dstnetworks dst 68.67.44.162 | |
| acl allowed_dstdomains dstdomain www.atbmyrewards.com | |
| acl allowed_dstdomains dstdomain www.atbmybusinessrewards.com | |
| acl allowed_dstdomains dstdomain businesssolutions.tdbank.com | |
| acl allowed_dstdomains dstdomain tdaclientrewards.tdbank.com | |
| #RFC0040386 | |
| acl allowed_dstdomains dstdomain interface.synxis.com | |
| #RFC0040388 | |
| acl allowed_dstdomains dstdomain beta14.vortexsolution.com | |
| #RFC0040563 | |
| acl allowed_dstdomains dstdomain api.hawaiianairlines.com | |
| #RFC0041058 | |
| acl allowed_dstdomains dstdomain na1.replicon.com | |
| #RFC0041031 | |
| acl allowed_dstdomains dstdomain ftp.s7.exacttarget.com | |
| #RFC0041742 | |
| acl allowed_dstdomains dstdomain .neatgroup.com | |
| #RFC0042295 | |
| acl allowed_dstdomains dstdomain .sonarsource.org | |
| acl allowed_dstdomains dstdomain .sonarsource.com | |
| #RFC0042412 | |
| acl allowed_dstdomains dstdomain travelservices.fraedom.com | |
| acl allowed_dstdomains dstdomain stage-travelservices.fraedom.com | |
| #RFC0042617 | |
| acl allowed_dstdomains dstdomain mazama-prod.elasticbeanstalk.com | |
| #RFC0042938 | |
| acl allowed_dstdomains dstdomain extbasicslab01.podc.sl.edst.ibm.com | |
| #RFC0043246 | |
| acl allowed_dstdomains dstdomain api.flightstats.com | |
| #RFC0043361 | |
| acl allowed_dstdomains dstdomain .windows.net | |
| acl allowed_dstnetworks dst 134.170.148.0/22 | |
| #RFC0043367 | |
| acl allowed_dstdomains dstdomain .hipchat.com | |
| #RF0043461 | |
| acl allowed_dstdomains dstdomain www.shp.sabre.com | |
| acl allowed_dstdomains dstdomain www.showtickets.com | |
| #RFC0044692 | |
| acl allowed_dstdomains dstdomain mirror.xmission.com | |
| acl allowed_dstdomains dstdomain ftp-nyc.osuosl.org | |
| #RFC0045080 | |
| acl allowed_dstdomains dstdomain test.primenumberstechnology.com | |
| acl allowed_dstdomains dstdomain api.primenumberstechnology.com | |
| #RFC0046019 | |
| acl allowed_dstdomains dstdomain ossec.wazuh.com | |
| acl allowed_dstdomains dstdomain hwraid.le-vert.net | |
| acl allowed_dstdomains dstdomain ppa.launchpad.net | |
| #RFC0046241 | |
| acl allowed_dstdomains dstdomain .bintray.jfrog.com | |
| #RFC0046609 | |
| acl allowed_dstdomains dstdomain .iana.org | |
| #RFC0047263 | |
| acl allowed_dstdomains dstdomain lastpass.com | |
| #RFC0047713 | |
| acl allowed_dstdomains dstdomain .sourceforge.net | |
| acl allowed_dstdomains dstdomain .lcdf.org | |
| #RFC0048351 | |
| acl allowed_dstdomains dstdomain static.rexamine.com | |
| #RFC0048231 | |
| acl allowed_dstdomains dstdomain .api.mastercard.com | |
| #RFC0048928 | |
| acl allowed_dstdomains dstdomain .sharepoint.com | |
| #RFC0049734 | |
| acl allowed_dstdomains dstdomain control.kochava.com | |
| #RFC0050078 | |
| acl allowed_dstdomains dstdomain rest.marketmetrix.com | |
| #RFC0053152 | |
| #Superceded by RFC0056440 | |
| #acl allowed_dstdomains dstdomain chidxcsftp.expedia.biz | |
| #RFC0054601 | |
| acl allowed_dstdomains dstdomain api.timezonedb.com | |
| #RFC0054668 and RFC0054669 | |
| acl allowed_dstdomains dstdomain .ian.com | |
| #RFC0054695 | |
| acl allowed_dstdomains dstdomain fusionapidev.au.poweredbycovermore.com | |
| #RFC0055170 | |
| acl allowed_dstdomains dstdomain applications-ptn.europcar.com | |
| #RFC0055195 | |
| acl allowed_dstdomains dstdomain orbitz.caesarschoice.com | |
| #RFC0055245 | |
| acl allowed_dstdomains dstdomain .transifex.com | |
| #RFC0055542 | |
| acl allowed_dstdomains dstdomain account.jetbrains.com | |
| acl allowed_dstdomains dstdomain www.jetbrains.com | |
| #RFC0055843 | |
| acl allowed_dstdomains dstdomain api-orbitz.nd.nudatasecurity.com | |
| #RFC0055895 | |
| acl allowed_dstdomains dstdomain api.ean.com | |
| #RFC0056143 | |
| acl allowed_dstdomains dstdomain applications.europcar.com | |
| #RFC0056440 | |
| acl allowed_dstdomains dstdomain .expedia.biz | |
| #RFC0056858 | |
| acl allowed_dstdomains dstdomain beta15.vortexsolution.com | |
| #RFC0057425 | |
| acl allowed_dstdomains dstdomain fusion.au.poweredbycovermore.com | |
| #RFC0059791 | |
| acl allowed_dstdomains dstdomain exptest-ns.servicebus.windows.net | |
| #RFC0060169 | |
| acl allowed_dstdomains dstdomain .paessler.com | |
| #RFC0060218 | |
| acl allowed_dstdomains dstdomain webservice.s7.exacttarget.com | |
| #CHG0280814 | |
| acl allowed_dstdomains dstdomain api.pagerduty.com | |
| acl allowed_dstdomains dstdomain alliancedata.com | |
| #CLOUDP-82 - work has been completed 08/09/2016 | |
| #acl allowed_dstdomains dstdomain .azure.com | |
| #acl allowed_dstdomains dstdomain .azurecomcdn.net | |
| #acl allowed_dstdomains dstdomain .azureedge.net | |
| #acl allowed_dstdomains dstdomain login.microsoftonline.com | |
| #acl allowed_dstdomains dstdomain login.live.com | |
| #acl allowed_dstdomains dstdomain .sendgrid.com | |
| #acl allowed_dstdomains dstdomain .newrelic.com | |
| # CLOUDP-683 | |
| acl allowed_dstdomains dstdomain ircstojulia.blob.core.windows.net | |
| # CLOUDP-1061 | |
| acl allowed_dstdomains dstdomain qagpublic.qg1.apps.qualys.com | |
| # CHG0465819 | |
| acl allowed_dstdomains dstdomain i.travelapi.com | |
| # sir0028054 | |
| acl allowed_dstdomains dstdomain hipprd01-us-099.hip.apps.fireeye.com | |
| # Allow squidclient to query information on localhost for debugging | |
| acl manager url_regex -i ^cache_object:// /squid-internal-mgr/ | |
| acl localhost src 127.0.0.1 ::1 | |
| http_access allow manager localhost | |
| http_access deny manager | |
| ## Process ACLs | |
| cache deny nocache_dstdomains | |
| # By port | |
| http_access allow ftp_port CONNECT | |
| ## By hostname | |
| http_access allow allowed_srcnetworks allowed_dstdomains allowed_dstports | |
| always_direct allow allowed_srcnetworks allowed_dstdomains FTP | |
| http_access allow allowed_srcnetworks allowed_dstdomains ftp | |
| # By network | |
| http_access allow allowed_srcnetworks allowed_dstnetworks allowed_dstports | |
| always_direct allow allowed_srcnetworks allowed_dstnetworks FTP | |
| http_access allow allowed_srcnetworks allowed_dstnetworks ftp | |
| http_access allow allow_ftpdomains allowed_passiveftp | |
| http_access allow allow_ftpnetworks allowed_passiveftp | |
| http_access deny all |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment