Re: [squid-users] Weird issue with Chrome from Jaime Gomez on 2012-09-19 (squid-users)

From: Jaime Gomez <Jaime.Gomez_at_cmcapitalmarkets.es>
Date: Wed, 19 Sep 2012 11:18:52 +0200

Hi Amos,

You are right, I didn't explain myself properly. We use ident to identify our users. One user with IE or firefox wants to go to one Facebook. He receives a wonderful deny message saying that he is not allowed. Same user with Chrome does the same and he is able to access to Facebook. After doing some research I found out that this only happens if I use https.

Here is the conf file. I've made a little modifications just to show the important things:

cache_effective_user proxy
cache_effective_group proxy
visible_hostname x.x.x.x
unique_hostname x.x.x.x
coredump_dir /data/squid

http_port 3128
cache_access_log /data/squid/logs/access.log
cache_access_log /data/squid/logs/access.log
cache_store_log /data/squid/logs/store.log
cache_log /data/squid/logs/cache.log
pid_filename /data/squid/logs/squid.pid
logfile_rotate 2
via off
forwarded_for off

dns_nameservers x.x.x.x
positive_dns_ttl 8 hours
negative_dns_ttl 30 seconds

cache_replacement_policy heap LFUDA
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 20 KB
cache_dir aufs /data/squid/cache 16000 16 256
cache_mem 16 MB
memory_pools off
maximum_object_size 64 MB
quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off
negative_ttl 0 minutes

external_acl_type myIdent children=15 %SRC %IDENT /usr/bin/perl /data/squid/scripts/myIdentUsers.pl
acl ident_auth external myIdent REQUIRED

acl WebUsers ident "/data/squid/groups/WebUsers"

acl Socialnet dstdomain "/data/squid/blacklists/socialnet/domains"

http_access deny Socialnet

http_access allow WebUsers

Thanks for your help.

Regards.

>>> Amos Jeffries <squid3_at_treenet.co.nz> 19/09/2012 2:53 >>>
On 19/09/2012 1:45 a.m., Jaime Gomez wrote:
> Hi all,
>
> We have a very weird issue. I've been googling but couldn't find the answer. We have our Squid (Squid Cache: Version 3.1.18) configured in order to do some content filter. For instance: some people can access Facebook and other social Webpages while others don't. The weird issue is that people with Chrome can skip this acl. With IE and Firefox it works. How is this possible?

It might be because you configured it to happen. Or that Chrome is
simply not using the proxy.

Some information about what your configuration actually is would help
(details please).

Amos
Received on Wed Sep 19 2012 - 09:19:03 MDT

This archive was generated by hypermail 2.2.0 : Thu Sep 20 2012 - 12:00:04 MDT