[Privoxy-users] permit-access wildcards?

Richard Glaser richard.glaser at utah.edu
Fri Aug 18 18:15:37 CEST 2023 

Sure, but since privacy supports subnet masks in CIDR notation. It could be argued that in a sense is similar to the feature I am requesting for hostname and

This is for Apple push notifications: https://support.apple.com/en-ph/HT203609

permit-access 10.18.0.0/17 17.0.0.0/8

And works with privoxy’s permit-access. Anyway, I understand privoxy is open source, just feedback support of permit and deny access with hostname and regular expression would be nice.

Thanks:

[Block U Logo]
Richard Glaser  (he, him, his)
Assistant Head, Client Platform Services
Marriott Library ITDLS
The University of Utah
On Aug 18, 2023 at 10:02 AM -0600, Ian Silvester <iansilvester at fastmail.fm>, wrote:
Hi Richard,

Your use case better fits the features of a firewall than a proxy, if your network topology allows for one to be installed. An open source option that I have found well-featured and performant is OPNsense.

HTH,

Ian


On Fri, 18 Aug 2023, at 06:24, Richard Glaser wrote:
Hi:

Thanks for the reply

That’s too bad, for example if you have Apple clients, you would need to add a ton of hostnames to provide enterprise management.

https://support.apple.com/en-us/HT210060

And many require wildcard support like

*.push.apple.com
*.school.apple.com
*.itunes.apple.com
*.mzstatic.com
*.vertexsmb.com
*.itunes.apple.com
*.apps.apple.com
*.mzstatic.com
*.appattest.apple.com
*.apple-cloudkit.com<http://apple-cloudkit.com>
*.apple-livephotoskit.com<http://apple-livephotoskit.com>
*.apzones.com<http://apzones.com>
*.cdn-apple.com<http://cdn-apple.com>
*.gc.apple.com<http://gc.apple.com>
*.icloud.com<http://icloud.com>
*.icloud.apple.com<http://icloud.apple.com>
*.icloud-content.com<http://icloud-content.com>
*.iwork.apple.com<http://iwork.apple.com>*.apple-cloudkit.com<http://apple-cloudkit.com>
*.apple-livephotoskit.com<http://apple-livephotoskit.com>
*.apzones.com<http://apzones.com>
*.cdn-apple.com<http://cdn-apple.com>
*.gc.apple.com<http://gc.apple.com>
*.icloud.com<http://icloud.com>
*.icloud.apple.com<http://icloud.apple.com>
*.icloud-content.com<http://icloud-content.com>
*.iwork.apple.com<http://iwork.apple.com>

For example, we are using privoxy with macOS and iPadOS clients to allow and deny hosts.

Thanks:


[Block U Logo]

Richard Glaser  (he, him, his)
Assistant Head, Client Platform Services
Marriott Library ITDLS
The University of Utah

On Aug 17, 2023 at 8:53 PM -0600, Ian Silvester <iansilvester at fastmail.fm>, wrote:
Hi Richard,

I'm afraid that the permit-access and deny-access directives in the Privoxy core configuration file do not support wildcard addressing for dst-addr, per the User Guide:

The Main Configuration File (privoxy.org)<https://www.privoxy.org/user-manual/config.html#ACLS>

Does someone else have a suggestion for Richard's use case?

Apologies,

Ian


On Thu, 17 Aug 2023, at 12:18, Richard Glaser wrote:
4.7. ACLs: permit-access and deny-access section of the privoxy configuration...

Trying this now...

permit-access 10.18.0.0/17 [\w\-\.]+\.utah.edu<http://utah.edu>
permit-access 10.18.0.0/17 [\w\-\.]+\.utah.edu:443<http://utah.edu:443>
permit-access 10.18.0.0/17 [\w\-\.]+\.lib.utah.edu<http://lib.utah.edu>
permit-access 10.18.0.0/17 [\w\-\.]+\.lib.utah.edu:443<http://lib.utah.edu:443>
permit-access 10.18.0.0/17 [\w\-\.]+\.apple.com<http://apple.com>
permit-access 10.18.0.0/17 [\w\-\.]+\.apple.com:443<http://apple.com:443>
permit-access 10.18.0.0/17 [\w\-\.]+\.duosecurity.com<http://duosecurity.com>
permit-access 10.18.0.0/17 [\w\-\.]+\.duosecurity.com:443<http://duosecurity.com:443>
permit-access 10.18.0.0/17 [\w\-\.]+\.labstats.com<http://labstats.com>
permit-access 10.18.0.0/17 [\w\-\.]+\.labstats.com:443<http://labstats.com:443>

Thanks:


[Block U Logo]

Richard Glaser  (he, him, his)
Assistant Head, Client Platform Services
Marriott Library ITDLS
The University of Utah

On Aug 17, 2023 at 10:00 AM -0600, Ian Silvester <iansilvester at fastmail.fm>, wrote:
Hi Richard,

Could you share the error message you are getting, and also the exact filter or action file configuration element you are using?

Thanks,

Ian

On Thu, 17 Aug 2023, at 11:44, Richard Glaser wrote:
Hi:

I am trying to use wild cards with privacy and get errors.

For example...

permit-access 155.0.0.0/2 S*\.S*\.duosecurity.com<http://duosecurity.com>

B<http://duosecurity.com>asically I want to allow any hostnames with
ending domain .duosecurity.com<http://duosecurity.com>

Any suggestions?

Thanks:

[Block U Logo]
Richard Glaser (he, him, his)
Assistant Head, Client Platform Services
Marriott Library ITDLS
The University of Utah
_______________________________________________
Privoxy-users mailing list
Privoxy-users at lists.privoxy.org
https://lists.privoxy.org/mailman/listinfo/privoxy-users
_______________________________________________
Privoxy-users mailing list
Privoxy-users at lists.privoxy.org
https://lists.privoxy.org/mailman/listinfo/privoxy-users

More information about the Privoxy-users mailing list