
Squid & ACLs.. getting blocked after specifying acl in squid.conf..

Asked by mirde
Topics: Security, Linux Security, Active Directory
Hello,

I have a need to allow a certain few users to access Facebook; currently this is blocked for everyone in our environment through Squid and SquidGuard.

My squid.conf is configured as follows:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports

http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS


external_acl_type nt_group ttl=7200 children=32 %LOGIN /usr/lib64/squid/wbinfo_group.pl

acl FacebookUsers external nt_group FacebookUsers
acl Facebook dstdomain .facebook.com

http_access allow Facebook FacebookUsers
http_access deny Facebook

# And finally deny all other access to this proxy
http_access deny all

In the configuration above, I have the Active Directory security group "Facebook Users"; whoever is in this group should be able to access FB. This is not the effect I am seeing, as in my log I get:

1313087352.432      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.436      3 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.580      0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.583      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.589      5 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.711      0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
1313087352.715      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html


Trying to access facebook.com as a user that is part of the security group.

Any ideas?

Thanks.
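
An added triage example (not part of the original post or its answer): a Python parser for the Squid native access.log lines quoted above that separates 407 authentication challenges from 403 denials logged with a username, i.e. requests that authenticated and were then rejected by an http_access rule. The function names and verdict labels are assumptions of this example; the sample lines are copied from the question.

```python
import re
from collections import Counter

# Lines copied from the access.log excerpt in the question above.
SAMPLE_LOG = """\
1313087352.432      0 172.16.4.142 TCP_DENIED/407 2044 GET http://www.facebook.com/ - NONE/- text/html
1313087352.436      3 172.16.4.142 TCP_DENIED/403 1485 GET http://www.facebook.com/ mirde NONE/- text/html
1313087352.580      0 172.16.4.142 TCP_DENIED/407 1848 GET http://www.facebook.com/ - NONE/- text/html
"""

# Squid native access.log format:
# time elapsed client result/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)\s+"
    r"(?P<hier>\S+)\s+(?P<ctype>\S+)$"
)

def classify(line):
    """Parse one log line; return None if it is not in native format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    user = None if m["user"] == "-" else m["user"]
    status = int(m["status"])
    if m["result"] == "TCP_DENIED" and status == 407:
        # Proxy asked for credentials; no user is known yet.
        verdict = "auth_challenge"
    elif m["result"] == "TCP_DENIED" and status == 403:
        # A logged username means authentication succeeded and an
        # http_access rule then denied the request.
        verdict = "acl_denied_after_auth" if user else "acl_denied_no_user"
    else:
        verdict = "other"
    return {"client": m["client"], "user": user, "url": m["url"], "verdict": verdict}

def summarize(log_text):
    """Count (user, verdict) pairs across all parseable lines."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = classify(line)
        if rec:
            counts[(rec["user"], rec["verdict"])] += 1
    return counts

if __name__ == "__main__":
    for (user, verdict), n in sorted(summarize(SAMPLE_LOG).items(), key=str):
        print(f"{user or '-':10} {verdict:24} {n}")
```

On the quoted log, every 403 carries the username mirde, so the denials happen after authentication, at the http_access evaluation stage rather than at the credential check.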