Search squid archive

Re: Weird issue with Chrome

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19/09/2012 9:18 p.m., Jaime Gomez wrote:
Hi Amos,

You are right, I didn't explain myself properly. We use ident to identify our users. One user with IE or firefox wants to go to  one Facebook. He receives a wonderful deny message saying that he is not allowed. Same user with Chrome does the same and he is able to access to Facebook. After doing some research I found out that this only happens if I use https.

Are the Chrome requests showing up in squid access.log?

Here is the conf file. I've made a little modifications just to show the important things:

cache_effective_user proxy
cache_effective_group proxy
visible_hostname x.x.x.x
unique_hostname x.x.x.x
coredump_dir /data/squid

http_port 3128
cache_access_log /data/squid/logs/access.log
cache_access_log /data/squid/logs/access.log
cache_store_log /data/squid/logs/store.log
cache_log /data/squid/logs/cache.log
pid_filename /data/squid/logs/squid.pid
logfile_rotate 2
via off
forwarded_for off

dns_nameservers x.x.x.x
positive_dns_ttl 8 hours
negative_dns_ttl 30 seconds

cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 20 KB
cache_dir aufs /data/squid/cache 16000 16 256
cache_mem 16 MB
memory_pools off
maximum_object_size 64 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
negative_ttl 0 minutes

external_acl_type myIdent children=15 %SRC %IDENT /usr/bin/perl /data/squid/scripts/myIdentUsers.pl
acl ident_auth external myIdent REQUIRED

"REQUIRED" ? looks like you do not understand what is going on.

'REQUIRED' is a magic value for proxy_auth ACL type. It has nothing to do with any others.

When used on the external ACL, the helper will be passed the three strings: client IP address, client provided IDENT label, ... and the textual word "REQUIRED".



acl WebUsers ident "/data/squid/groups/WebUsers"

acl Socialnet dstdomain "/data/squid/blacklists/socialnet/domains"

and what is this files content?


http_access deny Socialnet

http_access allow WebUsers


anything else afterwards?


Amos


Thanks for your help.

Regards.

Amos Jeffries <squid3@xxxxxxxxxxxxx> 19/09/2012 2:53 >>>
On 19/09/2012 1:45 a.m., Jaime Gomez wrote:
Hi all,
We have a very weird issue. I've been googling but couldn't find the answer. We have our Squid (Squid Cache: Version 3.1.18) configured in order to do some content filter. For instance: some people can access Facebook and other social Webpages while others don't. The weird issue is that people with Chrome can skip this acl. With IE and Firefox it works. How is this possible?
It might be because you configured it to happen. Or that Chrome is
simply not using the proxy.

Some information about what your configuration actually is would help
(details please).

Amos




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux