Hello,
I have an OPNsense 19.1.1 with Basic Proxy and no authentication.
I tried to block Facebook through the conventional GUI blacklists in "Services > Web Proxy > Administration > Access Control List", but even after adding .facebook.com, ".facebook.com", facebook.com and "facebook.com", access is still allowed by the proxy. My ACL whitelist is empty.
Looking from the CLI/bash, the configuration file "/usr/local/etc/squid/squid.conf" was as below:
# ACL - Blacklist - User defined (blackList)
acl blackList url_regex \.facebook\.com
acl blackList url_regex "\.facebook\.com"
acl blackList url_regex facebook\.com
acl blackList url_regex "facebook\.com"
and I see in the logs that access is being allowed:
192.168.10.254 TCP_TUNNEL/200 370105 CONNECT www.facebook.com:443 - HIER_DIRECT/185.60.219.35 -
So I also added Remote ACL UT1 and selected only porn and social_network and I still see the access being allowed by the Proxy.
Log access
1552499817.222 28 192.168.10.254 TCP_TUNNEL/200 39 CONNECT staticxx.facebook.com:443 - HIER_DIRECT/185.60.219.16 -
1552499817.222 32 192.168.10.254 TCP_TUNNEL/200 39 CONNECT staticxx.facebook.com:443 - HIER_DIRECT/185.60.219.16 -
1552498763.181 270673 192.168.10.254 TCP_TUNNEL/200 249290 CONNECT www.facebook.com:443 - HIER_DIRECT/185.60.219.35 -
1552498744.174 248720 192.168.10.254 TCP_TUNNEL/200 1740 CONNECT facebook.com:443 - HIER_DIRECT/185.60.219.35 -
I checked the /usr/local/etc/squid/acl/UT1 file: it contains 1,968,784 lines, 494 of them with facebook, and even then access is allowed.
# wc -l /usr/local/etc/squid/acl/UT1
1968784 /usr/local/etc/squid/acl/UT1
# grep facebook /usr/local/etc/squid/acl/UT1 | wc -l
494
Is there something I'm doing wrong?
Thanks
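
An added example, not part of the original post: a Python check that runs the blackList patterns from the post over its access-log lines and lists every request that matches a pattern yet was not denied. The function names and the two CONSTRUCTED_LOG lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Patterns from the blackList ACL lines in the post (surrounding quotes dropped).
BLACKLIST = [r"\.facebook\.com", r"facebook\.com"]

# Access-log lines copied from the post (Squid native log format).
POST_LOG = """\
1552499817.222 28 192.168.10.254 TCP_TUNNEL/200 39 CONNECT staticxx.facebook.com:443 - HIER_DIRECT/185.60.219.16 -
1552499817.222 32 192.168.10.254 TCP_TUNNEL/200 39 CONNECT staticxx.facebook.com:443 - HIER_DIRECT/185.60.219.16 -
1552498763.181 270673 192.168.10.254 TCP_TUNNEL/200 249290 CONNECT www.facebook.com:443 - HIER_DIRECT/185.60.219.35 -
1552498744.174 248720 192.168.10.254 TCP_TUNNEL/200 1740 CONNECT facebook.com:443 - HIER_DIRECT/185.60.219.35 -
"""

# Constructed lines (not from the post): a denied request and an unrelated host.
CONSTRUCTED_LOG = """\
1552499900.000 1 192.168.10.254 TCP_DENIED/403 3900 CONNECT www.facebook.com:443 - HIER_NONE/- text/html
1552499901.000 40 192.168.10.254 TCP_TUNNEL/200 512 CONNECT example.org:443 - HIER_DIRECT/192.0.2.10 -
"""


def parse_line(line):
    """Split one native-format line; return None if it cannot be parsed."""
    f = line.split()
    if len(f) < 7 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    return {"client": f[2], "result": result, "status": status,
            "method": f[5], "url": f[6]}


def allowed_hits(log_text, patterns=BLACKLIST):
    """Return (client, url, pattern) for every non-denied request whose URL
    matches a blacklist pattern. Python's re stands in for Squid's regex
    engine here; for these simple patterns the two agree."""
    compiled = [(p, re.compile(p)) for p in patterns]
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"].startswith("TCP_DENIED"):
            continue
        for pat, rx in compiled:
            if rx.search(rec["url"]):
                hits.append((rec["client"], rec["url"], pat))
                break  # report the first matching pattern only
    return hits


if __name__ == "__main__":
    counts = Counter(u for _, u, _ in allowed_hits(POST_LOG + CONSTRUCTED_LOG))
    for url, n in counts.items():
        print(f"{n:3d} allowed  {url}")
```

On the box itself, the same functions can be fed the contents of the proxy's access log instead of the embedded strings.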