Upgrade to 2.2 and I've screwed up something in my firewalling



  • As the topic title goes, I noticed one of my users was able to visit youtube when they used to be blocked on 2.1. I have an explicit rule for them

    "block from their ip to anything but their whitelisted sites with dest protocol https"

    So to test, I set up one of my Android devices with a similar rule:

    "block from my ip to youtube (www.youtube.com, m.youtube.com) with dest protocol https"

    But I can successfully visit https://www.youtube.com and https://m.youtube.com. Funnily enough, if I look at the firewall logs there isn't even a mention of these logs. Instead, I get multiple hits at the corresponding time to my Squid IP:port!

    I upgraded Squid (to 3.4.whatever) with 2.2 but didn't change it's config from before (Squid3-dev). It's not set to transparent on http and I'm not trying to do https interception. However, the Squid realtime logs are full of the youtube hits (both http and 443!). Why are my firewall rules failing to prevent youtube from getting to squid? Aren't the firewall rules applied first?

    I can try to change squidguard ACL to block youtube but with 2.1 it was the other way around - I tried setting up ACL for https sites but I never got Squid https working so I instead explicitly allowed https whitelists via firewall rules. But has 2.2 changed so my firewall rules are applied secondary to Squid, so I should block https via Squidguard instead?

    I didn't do a clean install. I upgraded. So there is a chance I have some stale config hanging around, I guess. But it was working fine on 2.1 for many months with the setup I had …