Hi Amos,

Thanks for your quick response. I'll try to answer all your questions:

1.- Yes, the Chrome requests show up in squid access.log
2.- The Required issue: you are right. It was my fault. I didn't check the conf file properly.
3.- WebUsers group content: people that are not allowed to visit certain web pages. For instance: john.doe
    SocialNet: web pages like this: .facebook.com, .twitter.com and so on.
4.- That is the end of the file.

Am I missing something?

Thanks in advance,
Regards,
Jaime.

>>> Amos Jeffries <squ...@treenet.co.nz> 20/09/2012 5:39 >>>
On 19/09/2012 9:18 p.m., Jaime Gomez wrote:
> Hi Amos,
>
> You are right, I didn't explain myself properly. We use ident to identify our
> users. One user with IE or firefox wants to go to one Facebook. He receives
> a wonderful deny message saying that he is not allowed. Same user with Chrome
> does the same and he is able to access to Facebook. After doing some research
> I found out that this only happens if I use https.

Are the Chrome requests showing up in squid access.log?

> Here is the conf file. I've made a little modifications just to show the
> important things:
>
> cache_effective_user proxy
> cache_effective_group proxy
> visible_hostname x.x.x.x
> unique_hostname x.x.x.x
> coredump_dir /data/squid
>
> http_port 3128
> cache_access_log /data/squid/logs/access.log
> cache_access_log /data/squid/logs/access.log
> cache_store_log /data/squid/logs/store.log
> cache_log /data/squid/logs/cache.log
> pid_filename /data/squid/logs/squid.pid
> logfile_rotate 2
> via off
> forwarded_for off
>
> dns_nameservers x.x.x.x
> positive_dns_ttl 8 hours
> negative_dns_ttl 30 seconds
>
> cache_replacement_policy heap LFUDA
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size_in_memory 20 KB
> cache_dir aufs /data/squid/cache 16000 16 256
> cache_mem 16 MB
> memory_pools off
> maximum_object_size 64 MB
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> log_icp_queries off
> client_db off
> buffered_logs on
> half_closed_clients off
> negative_ttl 0 minutes
>
> external_acl_type myIdent children=15 %SRC %IDENT /usr/bin/perl
> /data/squid/scripts/myIdentUsers.pl
> acl ident_auth external myIdent REQUIRED

"REQUIRED" ? looks like you do not understand what is going on. 'REQUIRED' is a magic value for proxy_auth ACL type. It has nothing to do with any others. When used on the external ACL, the helper will be passed the three strings: client IP address, client provided IDENT label, ... and the textual word "REQUIRED".

>
> acl WebUsers ident "/data/squid/groups/WebUsers"
>
> acl Socialnet dstdomain "/data/squid/blacklists/socialnet/domains"

and what is this file's content?

>
> http_access deny Socialnet
>
> http_access allow WebUsers

anything else afterwards?

Amos

>
> Thanks for your help.
>
> Regards.
>
>>>> Amos Jeffries <squ...@treenet.co.nz> 19/09/2012 2:53 >>>
> On 19/09/2012 1:45 a.m., Jaime Gomez wrote:
>> Hi all,
>>
>> We have a very weird issue. I've been googling but couldn't find the answer.
>> We have our Squid (Squid Cache: Version 3.1.18) configured in order to do
>> some content filter. For instance: some people can access Facebook and other
>> social Webpages while others don't. The weird issue is that people with
>> Chrome can skip this acl. With IE and Firefox it works. How is this possible?
> It might be because you configured it to happen. Or that Chrome is
> simply not using the proxy.
>
> Some information about what your configuration actually is would help
> (details please).
>
> Amos
>
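
An added example, not part of the thread and not the poster's myIdentUsers.pl: a minimal external ACL helper in Python showing what arrives on the helper's stdin for the `%SRC %IDENT` format quoted above when the acl line carries the extra word REQUIRED, and failing closed when no IDENT is supplied. The allow-list, sample lines and function names are assumptions; it also assumes Squid's default URL-escaped helper protocol without concurrency, and that an empty IDENT reaches the helper as `-`.

```python
import sys
from urllib.parse import unquote

# Hypothetical allow-list standing in for whatever the real helper consults.
KNOWN_USERS = {"john.doe"}

# Constructed request lines, as Squid would write them to the helper's stdin.
SAMPLE_LINES = [
    "192.0.2.10 john.doe REQUIRED",   # ident supplied; ACL argument appended
    "192.0.2.11 - REQUIRED",          # client supplied no IDENT answer
    "192.0.2.12 mallory REQUIRED",    # ident supplied but not on the list
]

def parse_request(line):
    """Split one request line into (src_ip, ident or None, extra ACL args)."""
    tokens = [unquote(t) for t in line.split()]
    if len(tokens) < 2:
        raise ValueError("expected at least %SRC and %IDENT")
    src, ident, extra = tokens[0], tokens[1], tokens[2:]
    # "-" is the placeholder for an empty value (assumption stated above).
    return src, (None if ident == "-" else ident), extra

def answer(line):
    """Return the helper reply for one request line: OK (match) or ERR."""
    try:
        _src, ident, _extra = parse_request(line)
    except ValueError:
        return "ERR"
    # IDENT is client-provided: a missing or unknown label never matches.
    if ident is None or ident not in KNOWN_USERS:
        return "ERR"
    return "OK user=" + ident

if __name__ == "__main__":
    # Helper loop: one reply per request line, flushed immediately so the
    # proxy is not left waiting on a buffered answer.
    for request in sys.stdin:
        sys.stdout.write(answer(request) + "\n")
        sys.stdout.flush()
```

The third element returned by `parse_request` is where the literal word REQUIRED ends up: it is ordinary argument data to the helper, not an instruction to demand authentication.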