mirde
asked on
Squid & ACLs.. getting blocked after specifying acl in squid.conf..
Hello,
I have a need to allow a certain few users to access Facebook, currently this is blocked for everyone in our environment through Squid and SquidGuard.
My squid.conf is configured as follows:
In the configuration above, I have the Active Directory security group "Facebook Users", whoever is in this group should be able to access FB. This is not the effect I am seeing as in my log I get:
1313087352.432 0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.436 3 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.580 0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.583 0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.589 5 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.711 0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.715 0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
Trying to access facebook.com as a user that is part of the security group.
Any ideas?
Thanks.
I have a need to allow a certain few users to access Facebook, currently this is blocked for everyone in our environment through Squid and SquidGuard.
My squid.conf is configured as follows:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
external_acl_type nt_group ttl=7200 children=32 %LOGIN /usr/lib64/squid/wbinfo_group.pl
acl FacebookUsers external nt_group FacebookUsers
acl Facebook dstdomain .facebook.com
http_access allow Facebook FacebookUsers
http_access deny Facebook
# And finally deny all other access to this proxy
http_access deny all
In the configuration above, I have the Active Directory security group "Facebook Users", whoever is in this group should be able to access FB. This is not the effect I am seeing as in my log I get:
1313087352.432 0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.436 3 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.580 0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.583 0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.589 5 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.711 0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.715 0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
Trying to access facebook.com as a user that is part of the security group.
Any ideas?
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER