[Privoxy-users] permit-access wildcards?

Fri Aug 18 18:00:37 CEST 2023

Hi Richard,

Your use case better fits the features of a firewall than a proxy, if your network topology allows for one to be installed. An open source option that I have found well-featured and performant is OPNsense.

HTH,

Ian

On Fri, 18 Aug 2023, at 06:24, Richard Glaser wrote:
> Hi:
> 
> Thanks for the reply
> 
> That’s too bad, for example if you have Apple clients, you would need to add a ton of hostnames to provide enterprise management.
> 
> https://support.apple.com/en-us/HT210060
> 
> And many require wildcard support like
> 
> *.push.apple.com
> *.school.apple.com
> *.itunes.apple.com
> *.mzstatic.com
> *.vertexsmb.com
> *.itunes.apple.com
> *.apps.apple.com
> *.mzstatic.com
> *.appattest.apple.com
> *.apple-cloudkit.com
> *.apple-livephotoskit.com
> *.apzones.com
> *.cdn-apple.com
> *.gc.apple.com
> *.icloud.com
> *.icloud.apple.com
> *.icloud-content.com
> *.iwork.apple.com*.apple-cloudkit.com
> *.apple-livephotoskit.com
> *.apzones.com
> *.cdn-apple.com
> *.gc.apple.com
> *.icloud.com
> *.icloud.apple.com
> *.icloud-content.com
> *.iwork.apple.com
> 
> For example, we are using privoxy with macOS and iPadOS clients to allow and deny hosts.
> 
> Thanks:
> 
> Block U Logo
> Richard Glaser  (he, him, his)
> Assistant Head, Client Platform Services
> Marriott Library ITDLS
> The University of Utah
> On Aug 17, 2023 at 8:53 PM -0600, Ian Silvester <iansilvester at fastmail.fm>, wrote:
>> Hi Richard,
>> 
>> I'm afraid that the permit-access and deny-access directives in the Privoxy core configuration file do not support wildcard addressing for dst-addr, per the User Guide:
>> 
>> The Main Configuration File (privoxy.org) <https://www.privoxy.org/user-manual/config.html#ACLS>
>> 
>> Does someone else have a suggestion for Richard's use case?
>> 
>> Apologies,
>> 
>> Ian
>> 
>> 
>> On Thu, 17 Aug 2023, at 12:18, Richard Glaser wrote:
>>> 4.7. ACLs: permit-access and deny-access section of the privoxy configuration...
>>> 
>>> Trying this now...
>>> 
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.utah.edu
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.utah.edu:443
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.lib.utah.edu
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.lib.utah.edu:443
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.apple.com
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.apple.com:443
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.duosecurity.com
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.duosecurity.com:443
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.labstats.com
>>> permit-access 10.18.0.0/17 [\w\-\.]+\.labstats.com:443
>>> 
>>> Thanks:
>>> 
>>> Block U Logo
>>> Richard Glaser  (he, him, his)
>>> Assistant Head, Client Platform Services
>>> Marriott Library ITDLS
>>> The University of Utah
>>> On Aug 17, 2023 at 10:00 AM -0600, Ian Silvester <iansilvester at fastmail.fm>, wrote:
>>>> Hi Richard,
>>>> 
>>>> Could you share the error message you are getting, and also the exact filter or action file configuration element you are using?
>>>> 
>>>> Thanks,
>>>> 
>>>> Ian
>>>> 
>>>> On Thu, 17 Aug 2023, at 11:44, Richard Glaser wrote:
>>>>> Hi:
>>>>> 
>>>>> I am trying to use wild cards with privacy and get errors.
>>>>> 
>>>>> For example...
>>>>> 
>>>>> permit-access 155.0.0.0/2 S*\.S*\.duosecurity.com<http://duosecurity.com>
>>>>> 
>>>>> B<http://duosecurity.com>asically I want to allow any hostnames with
>>>>> ending domain .duosecurity.com<http://duosecurity.com>
>>>>> 
>>>>> Any suggestions?
>>>>> 
>>>>> Thanks:
>>>>> 
>>>>> [Block U Logo]
>>>>> Richard Glaser (he, him, his)
>>>>> Assistant Head, Client Platform Services
>>>>> Marriott Library ITDLS
>>>>> The University of Utah
>>>>> _______________________________________________
>>>>> Privoxy-users mailing list
>>>>> Privoxy-users at lists.privoxy.org
>>>>> https://lists.privoxy.org/mailman/listinfo/privoxy-users
>>>> _______________________________________________
>>>> Privoxy-users mailing list
>>>> Privoxy-users at lists.privoxy.org
>>>> https://lists.privoxy.org/mailman/listinfo/privoxy-users
>> 