I was asked to block Facebook access from 8:00am to 3:00pm for almost all users but them are using alternative Facebook URLs to access the social network anyway. This is consuming a lot of our low bandwidth and we can't even work. I decided to design a regular expression (regex) to parse these URLs and block them. I don't want to block all facebook URLs but only alternatives. An alternative Facebook URLs mostly contains the words prod or iphone. The next ones are alternative Facebook URLs registered by our proxy server:
m.iphone.touch.prod.facebook.com
m.iphone.haid.prod.facebook.com:443
m.ct.prod.facebook.com
m.vi-vn.prod.facebook.comThe designed regex: /((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)/
I tested this regex on and . The regex is matching for:
m.iphone.touch.prod.facebook.com
m.iphone.haid.prod.facebook.com:443
m.ct.prod.facebook.com
m.vi-vn.prod.facebook.comAnd is not matching for:
m.facebook.com
mqtt.facebook.com (for purple-facebook)
graph.facebook.com
connect.facebook.com
3-edge-chat.facebook.comSo far this is what I wanted, alternative URLs blocked and regular Facebook URLs allowed. My regex looks good to be used in squid.
Next step is to modify the file /etc/squid3/squid.conf by adding a new acl pointing the file that contains the regex:
acl facebook dstdom_regex "/etc/squid3/acl/facebook" //The file contains the regex
http_access deny pass facebookWhen I run squid3 -k parse for check the configuration file I am getting the errors:
2017/09/22 11:12:26| Processing: acl facebook dstdom_regex "/etc/squid3/acl/facebook"
2017/09/22 11:12:26| squid.conf line 78: acl facebook dstdom_regex "/etc/squid3/acl/facebook"
2017/09/22 11:12:26| aclParseRegexList: Invalid regular expression '((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)': Invalid preceding regular expression
2017/09/22 12:39:33| Warning: empty ACL: acl facebook dstdom_regex "/etc/squid3/acl/facebook"Obviously, the squid3 parser is tagging my acl as wrong, but I already tested online and it was good to use. Also it says the acl is empty. What does this mean? The acl was declared with the name facebook. I am very confused at this.
1 Answer
The problem is in the regex. Changed the regex with this one: \b(iphone|prod)\b.*\.facebook\.com and now squid is stopping the URLs. After running squid3 -k parse squid says there is no problem, and if an user is trying to access to an alternative Facebook link such as (for instance): test.prod.facebook.com the proxy refuses the connection.
