Topic: Blacklist and Remote ACL not working (Read 2632 times)
M@rch0n
Blacklist and Remote ACL not working « on: March 13, 2019, 07:25:11 pm »
Hello,
I have OPNsense 19.1.1 with Basic Proxy and no authentication.
I tried to block Facebook through the conventional GUI blacklists in "Services > Web Proxy > Administration > Access Control List", but even after adding .facebook.com, ".facebook.com", facebook.com and "facebook.com", access is still allowed by the proxy. My ACL whitelist is empty.
Looking from the CLI, the configuration file "/usr/local/etc/squid/squid.conf" was as below:
# ACL - Blacklist - User defined (blackList)
acl blackList url_regex \.facebook\.com
acl blackList url_regex "\.facebook\.com"
acl blackList url_regex facebook\.com
acl blackList url_regex "facebook\.com"
and I see in the logs that access is being allowed:
192.168.10.254 TCP_TUNNEL/200 370105 CONNECT www.facebook.com:443 - HIER_DIRECT/185.60.219.35 -
So I also added Remote ACL UT1 and selected only porn and social_network and I still see the access being allowed by the Proxy.
Log access
1552499817.222 28 192.168.10.254 TCP_TUNNEL/200 39 CONNECT staticxx.facebook.com:443 - HIER_DIRECT/185.60.219.16 -
1552499817.222 32 192.168.10.254 TCP_TUNNEL/200 39 CONNECT staticxx.facebook.com:443 - HIER_DIRECT/185.60.219.16 -
1552498763.181 270673 192.168.10.254 TCP_TUNNEL/200 249290 CONNECT www.facebook.com:443 - HIER_DIRECT/185.60.219.35 -
1552498744.174 248720 192.168.10.254 TCP_TUNNEL/200 1740 CONNECT facebook.com:443 - HIER_DIRECT/185.60.219.35 -
I checked the /usr/local/etc/squid/acl/UT1 file: it contains 1,968,784 lines, 494 of them with facebook, and even then access is allowed.
# wc -l /usr/local/etc/squid/acl/UT1
1968784 /usr/local/etc/squid/acl/UT1
# grep facebook /usr/local/etc/squid/acl/UT1 | wc -l
494
Is there something I'm doing wrong?
Thanks
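
Added example, not part of the original post: a small audit of Squid access-log lines that lists requests matching the post's blacklist patterns which were still let through, useful for re-checking after each ACL change. The sample log is constructed (two lines mirror the post, two are invented for contrast) and the function names are hypothetical.

```python
import re

# Patterns copied from the squid.conf excerpt in the post (quotes dropped).
BLACKLIST_REGEXES = [r"\.facebook\.com", r"facebook\.com"]

# Constructed sample in Squid's native access.log layout; the first two lines
# mirror entries quoted in the post, the last two are invented for contrast.
SAMPLE_LOG = """\
1552499817.222 28 192.168.10.254 TCP_TUNNEL/200 39 CONNECT staticxx.facebook.com:443 - HIER_DIRECT/185.60.219.16 -
1552498744.174 248720 192.168.10.254 TCP_TUNNEL/200 1740 CONNECT facebook.com:443 - HIER_DIRECT/185.60.219.35 -
1552499900.000 0 192.168.10.254 TCP_DENIED/403 3900 CONNECT www.facebook.com:443 - HIER_NONE/- text/html
1552499901.000 12 192.168.10.254 TCP_MISS/200 512 GET http://example.org/ - HIER_DIRECT/192.0.2.10 text/html
"""

def parse_line(line):
    """Split one native-format line into the fields this audit needs."""
    parts = line.split()
    if len(parts) < 10:
        return None  # truncated or wrapped line; skip rather than guess
    result, _, status = parts[3].partition("/")
    return {"client": parts[2], "result": result, "status": status,
            "method": parts[5], "url": parts[6]}

def allowed_despite_blacklist(log_text, patterns=BLACKLIST_REGEXES):
    """Return entries that match a blacklist regex but were not TCP_DENIED."""
    compiled = [re.compile(p) for p in patterns]
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["result"].startswith("TCP_DENIED"):
            continue
        # CONNECT entries log host:port as the URL, so match against that field.
        if any(rx.search(entry["url"]) for rx in compiled):
            hits.append(entry)
    return hits

def summarize(hits):
    """Count let-through requests per (method, target) to show what to retest."""
    counts = {}
    for h in hits:
        key = (h["method"], h["url"])
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    found = summarize(allowed_despite_blacklist(SAMPLE_LOG))
    for (method, url), n in sorted(found.items()):
        print(f"{n:3d}  {method:8s} {url}")
```
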