SQUID not intercepting everything

  • Hello,

    I have pfsense with SQUID SSL transparent proxy and SquidGuard and all works like a charm except when a user already had previous access to something that now is not permitted by SquidGuard, then Squid does not intercept their connection. Do you have any idea as to why? Is this the way Squid function? If I delete user cache from Chrome then Squid intercepts their connections and works good but unfortunately this is not a solution for our company as it would be very difficult for us to pass by each station and delete their cache. It also cannot be done through Active Directory for Chrome, only for IE but no one uses it so it is useless.

    Could someone explain me if this is the way Squid suppose to work or maybe there is a problem with my configuration? I use SpliceWhitelist or Bump Otherwise and the Whitelist is currently empty so no one should be able to bypass the proxy.

    Thank you!

  • I think you answered your own question. It doesn't block until you clear their local cache... so maybe it's been working all along and blocking as it should, but the blocked content is being pulled from local cache and/or squid? I don't know how squid behaves if you ask for content that is technically blocked for that user, but is sitting in squid's cache. Squidguard is a helper program that gets called for each URL that squid needs to fetch. If the required content is still is cache and not stale, it will server from there first.

Log in to reply