RE: [squid-users] https url filter issue from Sucheta Joshi on 2014-08-06 (squid-users)

From: Sucheta Joshi <sucheta.joshi_at_ripplehire.com>
Date: Wed, 6 Aug 2014 11:50:25 +0530

Hi,

We are using facebook share api in our application for which user need to
login using main site. Following URL if I need to allow and not have full
access for facebook for user then how to do it?

https://www.facebook.com/dialog/oauth?client_id=206510072861784&response_typ
e=code&redirect_uri=http://app.ripplehire.com/ripplehire/connect/facebook&sc
ope=publish_stream

I don't have option for dstdom_regex here as it is the main site.

I am able to do filter in other proxyies using keyword like my client id
"206510072861784" So it will allow only my API call and not whole site.

How to do this in Squid?

Thanks & Regards,
Sucheta Joshi
Technical Lead | RippleHire
+ 91 9960618324 | sucheta.joshi_at_ripplehire.com

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Monday, July 28, 2014 5:16 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] https url filter issue

On 28/07/2014 10:15 p.m., Sucheta Joshi wrote:
>
>
>
> Hi,
>
> Our client is using Squid proxy. We need to do following configurations
in
> Squid Proxy. We are using SquidGard UI to configure this.
>
> Block facebook and linkedin main sites but allow access to some of the
> facebook and Linkedin URL’s based on certain keywords. While doing this
> settings it url_regex worked for http access, but when we tested same for
> https it gives webpage not found.
>
> Need input on this.

Look in your Squid access.log.

Notice how the HTTPS traffic shows up as CONNECT requests with a
hostname/IP and ":" then port number. *only*.

Like so:
"CONNECT static-a.cdn.facebook.com:443 1.1"

This "static-a.cdn.facebook.com:443" part is the URL available to Squid
(and passed on to the squidguard URL helper). If you are going to use
regex patterns to match on URL that is all you have available for the
pattern to work on.

PS. you would be better off using dstdom_regex or dstdomain ACL types in
squid.conf when expecting to match CONNECT requests by URL.

Amos

-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2014.0.4716 / Virus Database: 3986/7934 - Release Date: 07/28/14
Received on Wed Aug 06 2014 - 06:20:31 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 06 2014 - 12:00:04 MDT