LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 06-20-2005, 05:55 PM   #16
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380

Quote:
Originally posted by jonlake
Why don't you just block the IP address of www.hotmail.com
because they probably have a million different IP addresses...
 
Old 06-21-2005, 08:40 AM   #17
jonlake
Member
 
Registered: Apr 2004
Distribution: Slackware 11.0, Gentoo
Posts: 252

Rep: Reputation: 31
They have 3 that resolve www.hotmail.com and 2 that resolve hotmail.com. 5 entries wouldn't be too bad.
 
Old 06-23-2005, 01:34 AM   #18
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Such a "feature" is sexy only on M$ Windows "firewalls".

Blocking "hotmail" would block this page too.
Such a module will have to check almost all packets for "hotmail" or "hoTMail" or "HOTmail", etc... So, be sure to set the ignore-case option, if any.

Also, packets get split on the internet.
It must be a nightmare to just imagine the potential security risks of many buffers that get later discarded, and holding it all together.
 
Old 06-23-2005, 01:39 AM   #19
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
I use dansguardian, so if I wanted to block hotmail.com all I'd have to do would be add "hotmail.com" to my bannedsitelist file - simple and effective...

 
Old 06-23-2005, 01:45 PM   #20
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
If you do decide to block hotmail.com using text string matching, try just blocking it on tcp and udp ports 53 (DNS ports). Otherwise, any webpage containing the word "hotmail" will be lost. Any email containing the word "hotmail" will go down as well. In fact, if you are using POP3/IMAP and have iptables block the word "hotmail", then you will be disconnected from the mail server at that point. This would render it IMPOSSIBLE to get your email.
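To make primo's and Matir's objections concrete, here is an added Python example (it is not code from any post in this thread) that models what a stateless per-packet string match such as iptables' `-m string` sees. It builds a DNS query for www.hotmail.com in wire format and an HTTP request naming the same host, then checks three things: DNS puts label-length bytes where the dots would be, so the pattern "hotmail.com" never appears in a query on port 53 and only the bare label "hotmail" does; a mixed-case QNAME (resolvers that implement 0x20 case randomization send these) slips past a case-sensitive match unless the equivalent of `--icase` is used; and a pattern that straddles two segments is missed entirely. The sample packets and the segment size are constructed for the example.

```python
import struct


def encode_qname(name: str) -> bytes:
    """Encode a hostname in DNS wire format: length-prefixed labels, no dots."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)  # root label terminates the name
    return bytes(out)


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal A-record query: 12-byte header, QNAME, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    return header + encode_qname(name) + struct.pack("!HH", 1, 1)


def string_match(payload: bytes, pattern: str, icase: bool = False) -> bool:
    """What a single-packet string match does: look for the pattern bytes in one payload."""
    pat = pattern.encode("ascii")
    if icase:
        return pat.lower() in payload.lower()
    return pat in payload


def per_segment_match(payload: bytes, pattern: str, seg_size: int) -> bool:
    """Stateless matching over a stream that was split into segments of seg_size bytes.
    A pattern that straddles a boundary is in neither segment and is not seen."""
    segments = [payload[i:i + seg_size] for i in range(0, len(payload), seg_size)]
    return any(string_match(seg, pattern) for seg in segments)


# Constructed sample traffic (no network involved).
DNS_QUERY = build_dns_query("www.hotmail.com")
DNS_QUERY_0X20 = build_dns_query("wWw.HoTmAiL.CoM")   # 0x20-style case randomisation
HTTP_REQUEST = b"GET / HTTP/1.1\r\nHost: www.hotmail.com\r\n\r\n"

if __name__ == "__main__":
    print("qname on the wire:", encode_qname("www.hotmail.com"))
    print("'hotmail' in DNS query:", string_match(DNS_QUERY, "hotmail"))
    print("'hotmail.com' in DNS query:", string_match(DNS_QUERY, "hotmail.com"))
    print("'hotmail' in mixed-case query:", string_match(DNS_QUERY_0X20, "hotmail"))
    print("  ... with icase:", string_match(DNS_QUERY_0X20, "hotmail", icase=True))
    print("'hotmail' in whole HTTP request:", string_match(HTTP_REQUEST, "hotmail"))
    print("'hotmail' with a segment boundary at byte 30:",
          per_segment_match(HTTP_REQUEST, "hotmail", 30))
```

The practical consequence for the port-53 idea: the rule has to match the bare label (`--string "hotmail"` with `--icase`), not "hotmail.com", and it will still miss a query whose label happens to be cut by fragmentation, which is why a proxy that sees the reassembled request is the more dependable place to filter.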
 
Old 06-28-2005, 07:14 PM   #21
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 52
The proper way would be to setup a squid proxy server and put hotmail in a blacklist of sites. In your squid.conf:

Code:
acl blacklist   url_regex "/etc/squid/blacklist"
http_access deny  blacklist
/etc/squid/blacklist:
Code:
.hotmail.com
Then you need to set your firewall to block outgoing port 80 from machines in your LAN and then set the web browsers on those machines to point to your proxy server. You could also look at SquidGuard which I think is specially designed for just this type of thing.

Keep in mind the difference between this type of thing (URL filtering) and content filtering (which looks at the actual content of the page, not just the URL) using things like dansguardian.
 
Old 06-29-2005, 11:24 AM   #22
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Does squid do reverse dns when one blocks a url with an acl??
 
Old 06-29-2005, 11:31 AM   #23
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
Quote:
Originally posted by win32sux
does squid do reverse dns when one blocks a url with an acl??
Why do you need reverse dns?
 
Old 06-29-2005, 11:47 AM   #24
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally posted by Matir
Why do you need reverse dns?
So that when you block a domain by using its DNS name the person will also be blocked from accessing that server by using its IP address... dansguardian does this, but I want to know if squid can do this on its own when you acl a dns url...
 
Old 06-29-2005, 01:17 PM   #25
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
That would be normal dns, not reverse, and I don't believe that would work. You'd need to block the IP as well.
 
Old 06-29-2005, 01:27 PM   #26
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally posted by Matir
That would be normal dns, not reverse, and I don't believe that would work. You'd need to block the IP as well.
No, it's reverse dns... you tell the software to block "domain.com"... the software would perform a reverse dns query for any IP-based URL it receives... so if a user would input an IP address in the browser the software would do a reverse lookup on the IP and if it matches the domain that was specified it would block it...

You can't specify the IPs in all situations because you don't know what the IP is gonna be tomorrow (for example), or if the user will be routed to another IP, or if the domain has a million different IPs (like google) or whatever... it's much simpler and effective to simply block the domain and have the software take care of reverse dns checks...

dansguardian does this, I just want to know if squid can do this on its own... anybody??


Last edited by win32sux; 06-29-2005 at 01:33 PM.
 
Old 06-29-2005, 01:58 PM   #27
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
Even reverse dns is not 100% reliable, as one IP can have a dozen hostnames, which can have CNAMES, etc.
 
Old 06-29-2005, 05:36 PM   #28
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
Quote:
Originally posted by Matir
Even reverse dns is not 100% reliable, as one IP can have a dozen hostnames, which can have CNAMES, etc.
That's beside the point... I just wanted to know if squid could do it... I took a look at the squid.conf.default file and it looks like it can:
Code:
#       acl aclname srcdomain   .foo.com ...    # reverse lookup, client IP
#       acl aclname dstdomain   .foo.com ...    # Destination server from URL
#       acl aclname srcdom_regex [-i] xxx ...   # regex matching client name
#       acl aclname dstdom_regex [-i] xxx ...   # regex matching server
#         # For dstdomain and dstdom_regex  a reverse lookup is tried if a IP
#         # based URL is used and no match is found. The name "none" is used
#         # if the reverse lookup fails.

Last edited by win32sux; 06-29-2005 at 08:49 PM.
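Added example, not from any post in this thread, that models the Squid ACL semantics the last several posts argue about: `dstdomain` suffix matching (a leading dot matches the domain and every subdomain, no leading dot is an exact match), `url_regex` matching anywhere in the full URL string (so an unescaped dot matches any character, and a blacklisted name inside a query string also matches), and the fallback quoted from squid.conf.default above of trying a reverse lookup when the URL carries an IP address. There is no network access: FAKE_PTR is a constructed stand-in for reverse DNS, and its second entry is there to show Matir's point that the PTR record for an address need not name the domain on your blacklist, so an IP-based URL can pass.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed stand-in for reverse DNS so the example runs offline.
# Real PTR data for these addresses will differ (192.0.2.0/24 is TEST-NET-1).
FAKE_PTR = {
    "192.0.2.10": "www.hotmail.com",            # PTR names the blocked domain
    "192.0.2.11": "lb-7.frontend.example.net",  # same service, PTR names something else
}


def reverse_lookup(ip: str) -> str:
    """PTR name for ip, or "none" (the name squid.conf says it uses on failure)."""
    return FAKE_PTR.get(ip, "none")


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def dstdomain_match(host: str, patterns) -> bool:
    """dstdomain semantics: '.foo.com' matches foo.com and *.foo.com,
    'foo.com' matches only the exact host foo.com."""
    host = host.lower().rstrip(".")
    for p in patterns:
        p = p.lower().rstrip(".")
        if p.startswith("."):
            if host == p[1:] or host.endswith(p):
                return True
        elif host == p:
            return True
    return False


def acl_dstdomain(url: str, patterns) -> bool:
    """dstdomain ACL over a URL, including the reverse-lookup fallback for IP URLs."""
    host = urlsplit(url).hostname or ""
    if dstdomain_match(host, patterns):
        return True
    if is_ip_literal(host):
        # Documented fallback: only tried for IP-based URLs that did not match.
        return dstdomain_match(reverse_lookup(host), patterns)
    return False


def acl_url_regex(url: str, regexes, icase: bool = False) -> bool:
    """url_regex ACL: each pattern is searched anywhere in the full URL string."""
    flags = re.IGNORECASE if icase else 0
    return any(re.search(r, url, flags) for r in regexes)


if __name__ == "__main__":
    blacklist = [".hotmail.com"]
    for url in ("http://www.hotmail.com/", "http://192.0.2.10/", "http://192.0.2.11/"):
        print(url, "-> dstdomain blocked:", acl_dstdomain(url, blacklist))
    evasive = "http://www.xhotmailxcom.example/"
    print(evasive, "-> url_regex '.hotmail.com':", acl_url_regex(evasive, [".hotmail.com"]))
    print(evasive, "-> url_regex '\\.hotmail\\.com':", acl_url_regex(evasive, [r"\.hotmail\.com"]))
```

Two things to take from running it: the reverse-lookup fallback only helps when the PTR record happens to name the blacklisted domain, so blocking by name alone still leaves IP-literal URLs to a property of someone else's DNS; and if you use `url_regex` rather than `dstdomain`, escape the dots or you are matching more than you think.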
 