On 10/12/2012 10:04 p.m., Naval saini wrote:
I have configured squid in my CentOs 6.3 server it's working fine now i want
to allow facebook access only in lunch time i have wrote a acl for this but
it's blocking http access when i try to open facebook with https it not
blocking facebook in this mode my code for http blocking.
acl FACEBOOK dstdomain www.facebook.com
acl LUNCH time MTWHF 13:00-14:00
http_access allow FACEBOOK LUNCH
http_access deny FACEBOOK
these acl i am writing on the bottom of these lines.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
and is only blocking http requests but not https requests.
I have tried to block this using this CONNECT acl but it not working for me
.
http_access deny CONNECT FACEBOOK
but it's also not working and i want to know about where to write this acl
in squid.conf file whether on bottom of these acl or anywhere in squid.conf
file.
Please tell me the correct solution i have searched a lot on this on google
but not able to find googd one.
Firstly, you have assumed that the website only has one domain name.
"www.facebook.com" is not even their primary domain; "facebook.com" is.
A quick check of the domain shows that there is a different location for
the HTTPS version as well...
> squidclient -p 80 -h www.facebook.com /
HTTP/1.0 302 Found
Location: https://69.171.237.20/
Content-Type: text/html; charset=utf-8
X-FB-Debug: fbuQUJ9pSTXVUMuvNfBV5+NfKeOrkK0d9KRC4cYIvic=
Date: Mon, 10 Dec 2012 11:48:58 GMT
Connection: close
Content-Length: 0
*** the HTTPS connection is directed back to a load balacer service with
IP address location. Which also rotates through a set of IPs with each
request.
Amos
