.TH SREDIR_ACLS 5 2021-01-09
.SH NAME
sredir_acls
.SH DESCRIPTION
Format of hosts.allow, hosts.deny, urls.allow and urls.deny.
.SH ACL FILE SYNTAX
.TS
allbox;
c c
l l.
Grep	This program
^Foobar$	Foobar
^Foobar	Foobar*
Foobar$	*Foobar
\.*Foobar.*	*Foobar*
Foobar	T{
Foobar*
.br
*Foobar
.br
*Foobar*
T}
.TE
The maximum line length is 4094 bytes (4095 including newline).
The software uses a linear search, so you can use any order.
.SS Host ACL examples
.TS
allbox;
l l
l l.
ad.doubleclick.net	T{
Matches any URL with hostname 'ad\%.doubleclick.net'.
T}
*.doubleclick.net	T{
Matches any URL with hostname in the 'doubleclick\%.net' domain.
T}
*doubleclick*	T{
Matches any URL with hostname which contains the string 'doubleclick'.
T}
.TE
You can put IP addresses in the host ACL files if you like.
The software, however, will not look up hostnames in order to see if their IP addresses are in hosts.allow.
It does look up CNAMEs to see if they are in hosts.deny, provided there is at least one RBL defined.
This check is always on, independent of dnsbl mode.
.br
With 'checkaddr\ on' in the config file it will also look up IP addresses in hosts.deny (provided there is at least one RBL defined).
Below are some examples:
.TS
allbox;
c c
l l.
CIDR	This program
192.168.2.0/24	192.168.2.*
192.168.2.0/23	T{
192.168.2.*
.br
192.168.3.*
T}
2001:db8:2::/48	2001:db8:2:*
.TE
.SS URL ACL examples
.TS
allbox;
l l
l l.
http://ad.doubleclick.net/*	T{
Matches any URL that begins with 'http://ad.doubleclick.net/'.
T}
*count.gif	Matches any URL that ends in 'count.gif'.
*doubleclick*	Matches any URL that contains 'doubleclick'.
.TE
In the case of HTTPS, Squid passes the hostname to the redirector, not the URL, and the URL ACLs aren't used.
.SS Remarks
A line beginning with a hash or number-sign ('#'). E.g.:
.br
# Remark.
.br
Statement
.br
White-space and anything to the right of white-space. E.g.:
.br
Statement # Remark.
.br
This means that hostnames and URLs cannot contain spaces.
Hashes which are not in the first position of a line are not considered to be a remark, except when preceded by whitespace.
.SH COPYRIGHT
GPL.
.SH AUTHOR
Rob van der Putten, rob at sput dot nl
.SH FILES
.TP
.I /etc/sredir/hosts.allow
.RS
Host whitelist file.
.RE
.TP
.I /etc/sredir/hosts.deny
.RS
Host blacklist file.
.RE
.TP
.I /etc/sredir/urls.allow
.RS
URL whitelist file.
.RE
.TP
.I /etc/sredir/urls.deny
.RS
URL blacklist file.
.RE
.SH SEE ALSO
.BR rblsredir (8)
.BR sredir.conf (5)
.BR sredir.log (5)
.BR squid (8)
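.SH EXAMPLE
The following Python sketch is an added example, not code from the sredir project: it models the remark stripping, the 4094-byte line limit and the four wildcard forms described above, so an ACL file can be checked offline for entries that match more or less than intended.
The function names and the sample file are constructed for illustration; the case-sensitive comparison (following the grep column), the skipping of lines that start with white-space, and reporting the first match in file order are assumptions.
.PP
.nf
```python
MAX_LINE = 4094  # bytes, excluding the newline (limit stated on this page)

# Constructed sample hosts.deny; not taken from a real installation.
SAMPLE = """# Constructed sample hosts.deny
ad.doubleclick.net
*.doubleclick.net   # whole domain
*tracker*
192.168.2.*
page#frag.example.net
"""

def parse_acl(text):
    """Return (line number, pattern) pairs with remarks stripped."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if len(line.encode()) > MAX_LINE:
            raise ValueError(f"line {lineno} exceeds {MAX_LINE} bytes")
        # A leading hash is a remark. A line that starts with white-space
        # has nothing left of the white-space (assumption: skip it).
        if not line or line.startswith("#") or line[0].isspace():
            continue
        # Everything from the first white-space onward is a remark, so a
        # hash glued to the statement stays part of the pattern.
        entries.append((lineno, line.split(None, 1)[0]))
    return entries

def matches(pattern, value):
    """Exact, prefix*, *suffix and *contains* forms; nothing else is modelled."""
    lead = pattern.startswith("*")
    trail = pattern.endswith("*") and len(pattern) > 1
    core = pattern[1 if lead else 0 : len(pattern) - (1 if trail else 0)]
    if lead and trail:
        return core in value
    if lead:
        return value.endswith(core)
    if trail:
        return value.startswith(core)
    return value == core

def first_match(entries, value):
    """Linear search; returns the first (line number, pattern) hit or None."""
    return next(((n, p) for n, p in entries if matches(p, value)), None)

if __name__ == "__main__":
    acl = parse_acl(SAMPLE)
    for host in ("x.doubleclick.net", "doubleclick.net", "mytracker.example",
                 "192.168.2.17", "192.168.20.1"):
        print(host, "->", first_match(acl, host))
```
.fi
.PP
In the sample, '*.doubleclick.net' does not cover the bare name 'doubleclick.net', while '*tracker*' also catches unrelated hostnames that merely contain the string.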