Search squid archive

Re: Squid Version 3.5.20

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

 

Thank You for quick turnover, as per your request I changed squid config like below, still I going to www.google.com

acl CONNECT method CONNECT

acl sslconnect dstdomain -i https://www.google.com

acl GoogleRecaptcha url_regex ^https://www.google.com/recaptcha/$

http_access allow CONNECT sslconnect

http_access allow backoffice_users GoogleRecaptcha

 

 

Thanks& Regards,

Naresh

From: Flashdown [mailto:flashdown@xxxxxxxxxxxxx]
Sent: Tuesday, June 27, 2017 11:37 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx; Cherukuri, Naresh; Eliezer Croitoru
Subject: Re: [squid-users] Squid Version 3.5.20

 

Well, I know that issue very good and google is the issue since they should put their captcha on a own subdomain. Then we could effectivley allow only the access to the captcha.

Until that there is no good way to achive this. But there is a non reliable way of blocking google.com

First allow the Connect method for google.com
Acl CONNECT method CONNECT
acl sslconnect dstdomain -i www.google.com
http_access allow CONNECT sslconnect
Then use an url regex and allow google.com/recaptcha

This way sometimes www.google.com is blocked, sometimes not. But access to recaptcha will always work.

Why we can't block it reliable? Well when browser/client wants to connect to https website then the firsr thing the browser trie is open a ssl tunnel to the FQDN
As soon as the tunnel is up it will request the ressource. May it helps if you add a url regex deny between allowing the connect method and allowing the url www.google.com/recaptcha

Written on my mobile..

Br,
Flashdown


Am 27. Juni 2017 17:07:19 MESZ schrieb "Cherukuri, Naresh" <ncherukuri@xxxxxxxxxxxxx>:

Hi Eliezer,

We successfully blocked gmail, google images, google drive and rest all google related. Now we allowing www.google.com and www. google/Recaptcha. We still need to block www.google.com and just allow www.google/recaptcha. Is there a way to do that?

Appreciate your quick turnover!

Thanks&Regards,
Naresh


-----Original Message-----
From: Eliezer Croitoru [mailto:eliezer@xxxxxxxxxxxx]
Sent: Tuesday, June 27, 2017 10:16 AM
To: Cherukuri, Naresh; squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [squid-users] Squid Version 3.5.20

Hey,

I can try to help you but I do not have enough logs for it.
Also it's not so simple.
Basically you will need to block gmail and google drive themselves in one rule that will not include other google services.

All The Bests,
Eliezer

----
http://ngtech.co.il/lmgtfy/
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx


From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of Cherukuri, Naresh
Sent: Friday, June 23, 2017 23:34
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: [squid-users] Squid Version 3.5.20

Hello All,

I installed Squid version 3.5.20 on RHEL 7 and generated selfsigned CA certificates, can you shed some light on how to "Configure regular _expression_ of the Google ReCaptcha URL with ACL".

My requirement :

This requirement is to allow Google's ReCaptcha URL (HTTPS) so associates can successfully use ADP which now utilizes Google's ReCaptcha which is called via an HTTPS URL, without allowing users to access other Google-related services such as Gmail or Google Drive.

Any ideas much appreciated!

Thanks,
Naresh


squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux