Hi everyone, At my office I've implemented a Squid server which uses LDAP credentials to give certain users access to certain websites. Basically, everyone belongs to a base 'Filtered' group, and individual users can be added to a 'FacebookAccess' group for access to facebook. This is mainly because some departments (read: marketing) need access to facebook while others do not. I've only been working on in Squid for about a month and although I've gotten pretty proficient at getting it to do what I want, I've encountered what's seeming to be a higher-level problem. Here's the relevant section of my conf file: acl Unfiltered external InetGroup Unfiltered acl FacebookAccess external InetGroup FacebookAccess acl Filtered external InetGroup Filtered acl blocksites url_regex "/etc/squid3/block.acl" acl whitelist url_regex "/etc/squid3/whitelist.acl" acl facebook url_regex .facebook. acl fbcdn url_regex .fbcdn. #Note: these two lines were added to troubleshoot always_direct allow fbcdn always_direct allow facebook http_access allow Unfiltered http_access allow Filtered whitelist http_access allow FacebookAccess facebook http_access allow FacebookAccess whitelist http_access deny Filtered blocksites http_access deny FacebookAccess blocksites http_access allow FacebookAccess http_access allow Filtered And here's the problem: Users in the FacebookAccess group can get to www.facebook.com <http://www.facebook.com/> without a problem, and users who are only in the Filtered group cannot. So that's great. However, when they log in and reach www.facebook.com/home.php?, they just get a white screen - sometimes. Occasionally it works and occasionally it doesnt; there appears to be no rhyme or reason to it. I've added ".fbcdn." to my whitelist.acl file, because I saw that content from that domain was getting denied when facebook loads... but even after that, no go. When I visit the site and log in, the access.log just shows: jackk 08/Oct/2009 11:54:30 TCP_MISS/200 GET http://www.facebook.com/ jackk 08/Oct/2009 11:54:36 TCP_MISS/200 CONNECT login.facebook.com:443 jackk 08/Oct/2009 11:54:36 TCP_MISS/200 GET http://www.facebook.com/home.php? And to troubleshoot I tried accessing facebook from a member of the 'Unfiltered' group, to which no restrictive acl policies apply. Same problem. Meanwhile obviously a direct, proxy-free connection to facebook from my office works just fine. I'm very, very stuck. Any advice on what to try next would be hugely appreciated. Thanks! Jack Kelly Network Services Administrator W/S Development Associates, LLC Chestnut Hill, MA -------------------------------------------------------- This message (and any associated files) is the property of S. R. Weiner and Associates Inc. and W/S Development Associates LLC and is intended only for the use of the individual or entity to which it is addressed and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not the intended recipient you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify us immediately by calling our corporate office at 617-232-8900 and deleting this message from your computer. Internet communications cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, S. R. Weiner and Associates, Inc. and W/S Development Associates LLC do not accept responsibility for any errors or omissions that are present in this message, or any attachment, that have arisen as a result of e-mail transmission. If verification is required, please request a hard-copy version of this message. Any views or opinions presented in this message are solely those of the author and do not necessarily represent those of the company.
