[squid-users] Strange issues with accessing facebook and other php driven sites via proxy

From: Kelly, Jack <Jack.Kelly_at_wsdevelopment.com>
Date: Thu, 8 Oct 2009 12:10:02 -0400

Hi everyone,
At my office I've implemented a Squid server which uses LDAP credentials
to give certain users access to certain websites. Basically, everyone
belongs to a base 'Filtered' group, and individual users can be added to
a 'FacebookAccess' group for access to facebook. This is mainly because
some departments (read: marketing) need access to facebook while others
do not.
 
I've only been working in Squid for about a month and although I've
gotten pretty proficient at getting it to do what I want, I've
encountered what's seeming to be a higher-level problem.
 
Here's the relevant section of my conf file:
 
acl Unfiltered external InetGroup Unfiltered
acl FacebookAccess external InetGroup FacebookAccess
acl Filtered external InetGroup Filtered
 
acl blocksites url_regex "/etc/squid3/block.acl"
acl whitelist url_regex "/etc/squid3/whitelist.acl"
acl facebook url_regex .facebook.
acl fbcdn url_regex .fbcdn.
 
#Note: these two lines were added to troubleshoot
always_direct allow fbcdn
always_direct allow facebook
 
http_access allow Unfiltered
http_access allow Filtered whitelist
http_access allow FacebookAccess facebook
http_access allow FacebookAccess whitelist
http_access deny Filtered blocksites
http_access deny FacebookAccess blocksites
http_access allow FacebookAccess
http_access allow Filtered

And here's the problem:
Users in the FacebookAccess group can get to www.facebook.com
without a problem, and users who are only in
the Filtered group cannot. So that's great. However, when they log in
and reach www.facebook.com/home.php?, they just get a white screen -
sometimes. Occasionally it works and occasionally it doesn't; there
appears to be no rhyme or reason to it. I've added ".fbcdn." to my
whitelist.acl file, because I saw that content from that domain was
getting denied when facebook loads... but even after that, no go.
 
When I visit the site and log in, the access.log just shows:
 
jackk 08/Oct/2009 11:54:30 TCP_MISS/200 GET http://www.facebook.com/
jackk 08/Oct/2009 11:54:36 TCP_MISS/200 CONNECT login.facebook.com:443
jackk 08/Oct/2009 11:54:36 TCP_MISS/200 GET http://www.facebook.com/home.php?
 
And to troubleshoot I tried accessing facebook from a member of the
'Unfiltered' group, to which no restrictive acl policies apply. Same
problem. Meanwhile obviously a direct, proxy-free connection to facebook
from my office works just fine.

I'm very, very stuck. Any advice on what to try next would be hugely
appreciated.
 
Thanks!
 
Jack Kelly
Network Services Administrator
W/S Development Associates, LLC
Chestnut Hill, MA
 
Received on Thu Oct 08 2009 - 16:10:37 MDT
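
To see which http_access line decides each request in the configuration above, the following added example (not part of the original post, and not Squid's own code) models Squid's first-match evaluation of the posted rules. The contents of block.acl are not shown in the post and are assumed here, the helper names `acl_matches` and `decide` are hypothetical, and URLs marked constructed do not come from the posted log.

```python
import re

# url_regex is an unanchored, case-sensitive search over the whole request
# URL (for CONNECT that is "host:port"); an unescaped "." matches any character.
URL_ACLS = {
    "facebook": [r".facebook."],                       # from the post
    "whitelist": [r".fbcdn."],                         # the one entry the post mentions
    "blocksites": [r".facebook.", r"blocked\.example"],  # ASSUMED block.acl contents
}
GROUP_ACLS = {"Unfiltered", "FacebookAccess", "Filtered"}

# http_access lines, in the order posted.
RULES = [
    ("allow", ["Unfiltered"]),
    ("allow", ["Filtered", "whitelist"]),
    ("allow", ["FacebookAccess", "facebook"]),
    ("allow", ["FacebookAccess", "whitelist"]),
    ("deny", ["Filtered", "blocksites"]),
    ("deny", ["FacebookAccess", "blocksites"]),
    ("allow", ["FacebookAccess"]),
    ("allow", ["Filtered"]),
]

def acl_matches(name, groups, url):
    """Group ACLs test membership; URL ACLs test any pattern in the list."""
    if name in GROUP_ACLS:
        return name in groups
    return any(re.search(p, url) for p in URL_ACLS[name])

def decide(groups, url):
    """Return (action, line_no) of the first http_access line whose ACLs all match."""
    for line_no, (action, acls) in enumerate(RULES, start=1):
        if all(acl_matches(a, groups, url) for a in acls):
            return action, line_no
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), None

if __name__ == "__main__":
    urls = [
        "http://www.facebook.com/",               # from the posted access.log
        "login.facebook.com:443",                 # from the posted access.log
        "http://www.facebook.com/home.php?",      # from the posted access.log
        "http://static.ak.fbcdn.net/x.js",        # constructed
        "http://blocked.example/?q=-facebook-",   # constructed
    ]
    for groups in ({"Unfiltered"}, {"Filtered", "FacebookAccess"}, {"Filtered"}):
        for url in urls:
            print(sorted(groups), url, decide(groups, url))
```

In this model every request from an Unfiltered member is decided by line 1, and the last constructed URL is allowed by line 3 for a FacebookAccess member because `.facebook.` matches inside the query string before the blocksites deny is reached. A `dstdomain` ACL matches on the destination host only, which avoids that kind of over-match.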
