On 19/09/2012 9:18 p.m., Jaime Gomez wrote:
Hi Amos,
You are right, I didn't explain myself properly. We use ident to identify our users. One user with IE or firefox wants to go to one Facebook. He receives a wonderful deny message saying that he is not allowed. Same user with Chrome does the same and he is able to access to Facebook. After doing some research I found out that this only happens if I use https.
Are the Chrome requests showing up in squid access.log?
Here is the conf file. I've made a little modifications just to show the important things:
cache_effective_user proxy
cache_effective_group proxy
visible_hostname x.x.x.x
unique_hostname x.x.x.x
coredump_dir /data/squid
http_port 3128
cache_access_log /data/squid/logs/access.log
cache_access_log /data/squid/logs/access.log
cache_store_log /data/squid/logs/store.log
cache_log /data/squid/logs/cache.log
pid_filename /data/squid/logs/squid.pid
logfile_rotate 2
via off
forwarded_for off
dns_nameservers x.x.x.x
positive_dns_ttl 8 hours
negative_dns_ttl 30 seconds
cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 20 KB
cache_dir aufs /data/squid/cache 16000 16 256
cache_mem 16 MB
memory_pools off
maximum_object_size 64 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
negative_ttl 0 minutes
external_acl_type myIdent children=15 %SRC %IDENT /usr/bin/perl /data/squid/scripts/myIdentUsers.pl
acl ident_auth external myIdent REQUIRED
"REQUIRED" ? looks like you do not understand what is going on.
'REQUIRED' is a magic value for proxy_auth ACL type. It has nothing to
do with any others.
When used on the external ACL, the helper will be passed the three
strings: client IP address, client provided IDENT label, ... and the
textual word "REQUIRED".
acl WebUsers ident "/data/squid/groups/WebUsers"
acl Socialnet dstdomain "/data/squid/blacklists/socialnet/domains"
and what is this files content?
http_access deny Socialnet
http_access allow WebUsers
anything else afterwards?
Amos
Thanks for your help.
Regards.
Amos Jeffries <squid3@xxxxxxxxxxxxx> 19/09/2012 2:53 >>>
On 19/09/2012 1:45 a.m., Jaime Gomez wrote:
Hi all,
We have a very weird issue. I've been googling but couldn't find the answer. We have our Squid (Squid Cache: Version 3.1.18) configured in order to do some content filter. For instance: some people can access Facebook and other social Webpages while others don't. The weird issue is that people with Chrome can skip this acl. With IE and Firefox it works. How is this possible?
It might be because you configured it to happen. Or that Chrome is
simply not using the proxy.
Some information about what your configuration actually is would help
(details please).
Amos