mirde

Squid & ACLs.. getting blocked after specifying acl in squid.conf..

Hello,

I have a need to allow a certain few users to access Facebook. Currently this is blocked for everyone in our environment through Squid and SquidGuard.

My squid.conf is configured as follows:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports

http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS


external_acl_type nt_group ttl=7200 children=32 %LOGIN /usr/lib64/squid/wbinfo_group.pl

acl FacebookUsers external nt_group FacebookUsers
acl Facebook dstdomain .facebook.com

http_access allow Facebook FacebookUsers
http_access deny Facebook

# And finally deny all other access to this proxy
http_access deny all



In the configuration above, I have the Active Directory security group "Facebook Users"; whoever is in this group should be able to access FB. This is not the effect I am seeing, as in my log I get:

1313087352.432      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.436      3 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.580      0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.583      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.589      5 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.711      0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.715      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html


Trying to access facebook.com as a user that is part of the security group.

Any ideas?

Thanks.
Security, Active Directory, Linux Security
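An added example, not part of the original post or any reply: a small parser for the native access.log lines shown in the question. It separates `TCP_DENIED/407` entries (the proxy asking for credentials, no user logged) from `TCP_DENIED/403` entries that carry a user name, which mean the user authenticated and was then refused by an `http_access` rule. The first three sample lines are taken from the post; the last two are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# First three lines are taken from the post; the last two are constructed.
SAMPLE_LOG = """\
1313087352.432      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.436      3 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.580      0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087353.101     42 172.16.4.150 TCP_MISS/200 5120 GET http://www.example.org/ alice DIRECT/192.0.2.10 text/html
1313087353.200      0 172.16.4.142 TCP_DENIED/407
"""

# Squid native format: time elapsed client result/status bytes method URL user peer type
LINE = re.compile(
    r"^\d+\.\d+\s+\d+\s+(?P<client>\S+)\s+(?P<result>[^/\s]+)/(?P<status>\d{3})\s+"
    r"\d+\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+\S+\s+\S+$"
)

def host_of(url):
    # CONNECT requests log "host:port" rather than a full URL.
    if "://" in url:
        return urlsplit(url).hostname or url
    return url.rsplit(":", 1)[0]

def classify(m):
    if "DENIED" not in m["result"]:
        return "allowed"
    if m["status"] == "407":
        return "auth_challenge"       # proxy asked for credentials; no user yet
    if m["status"] == "403" and m["user"] != "-":
        return "denied_after_auth"    # user identified, then refused by http_access
    return "denied_other"

def summarize(log_text):
    counts, denied_users, unparsed = Counter(), set(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = LINE.match(line.strip())
        if m is None:                 # truncated or non-native line: count it, do not guess
            unparsed += 1
            continue
        kind = classify(m)
        counts[kind] += 1
        if kind == "denied_after_auth":
            denied_users.add((m["user"], host_of(m["url"])))
    return {"counts": counts, "denied_users": denied_users, "unparsed": unparsed}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A user appearing in `denied_users` has passed authentication, so the place to look is the ACL evaluation (here the group lookup and the `http_access` order) rather than the authentication setup.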


8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
ReN501

mirde

ASKER
worked for me