Hi, Thank You for quick turnover, as per your request I changed squid config like below, still I going to www.google.com<http://www.google.com> acl CONNECT method CONNECT acl sslconnect dstdomain -i https://www.google.com acl GoogleRecaptcha url_regex ^https://www.google.com/recaptcha/$ http_access allow CONNECT sslconnect http_access allow backoffice_users GoogleRecaptcha
Thanks& Regards, Naresh From: Flashdown [mailto:flashd...@data-core.org] Sent: Tuesday, June 27, 2017 11:37 AM To: squid-users@lists.squid-cache.org; Cherukuri, Naresh; Eliezer Croitoru Subject: Re: [squid-users] Squid Version 3.5.20 Well, I know that issue very good and google is the issue since they should put their captcha on a own subdomain. Then we could effectivley allow only the access to the captcha. Until that there is no good way to achive this. But there is a non reliable way of blocking google.com<http://google.com> First allow the Connect method for google.com<http://google.com> Acl CONNECT method CONNECT acl sslconnect dstdomain -i www.google.com<http://www.google.com> http_access allow CONNECT sslconnect Then use an url regex and allow google.com/recaptcha<http://google.com/recaptcha> This way sometimes www.google.com<http://www.google.com> is blocked, sometimes not. But access to recaptcha will always work. Why we can't block it reliable? Well when browser/client wants to connect to https website then the firsr thing the browser trie is open a ssl tunnel to the FQDN As soon as the tunnel is up it will request the ressource. May it helps if you add a url regex deny between allowing the connect method and allowing the url www.google.com/recaptcha<http://www.google.com/recaptcha> Written on my mobile.. Br, Flashdown Am 27. Juni 2017 17:07:19 MESZ schrieb "Cherukuri, Naresh" <ncheruk...@partycity.com<mailto:ncheruk...@partycity.com>>: Hi Eliezer, We successfully blocked gmail, google images, google drive and rest all google related. Now we allowing www.google.com<http://www.google.com> and www. google/Recaptcha. We still need to block www.google.com<http://www.google.com> and just allow www.google/recaptcha<http://www.google/recaptcha>. Is there a way to do that? Appreciate your quick turnover! Thanks&Regards, Naresh -----Original Message----- From: Eliezer Croitoru [mailto:elie...@ngtech.co.il] Sent: Tuesday, June 27, 2017 10:16 AM To: Cherukuri, Naresh; squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org> Subject: RE: [squid-users] Squid Version 3.5.20 Hey, I can try to help you but I do not have enough logs for it. Also it's not so simple. Basically you will need to block gmail and google drive themselves in one rule that will not include other google services. All The Bests, Eliezer ---- http://ngtech.co.il/lmgtfy/ Linux System Administrator Mobile: +972-5-28704261 Email: elie...@ngtech.co.il<mailto:elie...@ngtech.co.il> From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Cherukuri, Naresh Sent: Friday, June 23, 2017 23:34 To: squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org> Subject: [squid-users] Squid Version 3.5.20 Hello All, I installed Squid version 3.5.20 on RHEL 7 and generated selfsigned CA certificates, can you shed some light on how to "Configure regular expression of the Google ReCaptcha URL with ACL". My requirement : This requirement is to allow Google's ReCaptcha URL (HTTPS) so associates can successfully use ADP which now utilizes Google's ReCaptcha which is called via an HTTPS URL, without allowing users to access other Google-related services such as Gmail or Google Drive. Any ideas much appreciated! Thanks, Naresh ________________________________ squid-users mailing list squid-users@lists.squid-cache.org<mailto:squid-users@lists.squid-cache.org> http://lists.squid-cache.org/listinfo/squid-users
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
