Exceptions in locked categories load without images SOLVED

firewire · Mar 8, 2016, 8:23 PM

Hello,

I installed pfsense 2.2 with Squid 3 and Squidguard to make content filtering.
The proxy is configured in transparent mode, with MITM mode for https sites.
I added a Target Categories "AllowedSites" containing twitter.com domain.
I created an ACL Group called "BlockedClients" that blocks all SocialNet; in this group "AllowedSites" category is set to "whitelist" (basically all the social are blocked except Twitter).
If I try to navigate from "BlockedClients" group all seems to work, and i open twitter, but the site is like a text site without images (as you can see in the attached image).
I tried googling the problem but no luck.
Is there anyone who can help me to understand the type of problem and how to solve it?

Thanks in advance.

KOM · Mar 7, 2016, 9:32 PM

This question would be better in the Cache/Proxy forum.

What you're seeing is cached content from the last time that site was successfully loaded by squid. You can fix it by going to squid's settings and clicking the Clear Disk Cache NOW button.

firewire · Mar 8, 2016, 12:09 AM

Unfortunately your tip dont works.
I've cleared and rebooted pfsense but problems remains.

I move question in cache/proxy section.

ThankU

KOM · Mar 8, 2016, 2:23 PM

Try clearing your browser's cache as well.

firewire · Mar 8, 2016, 3:07 PM

ThankU again

so i've performed these tasks:

clear disk cache now
rebooted pfsense
clear cache of Chrome and Firefox
install new browser (opera)

Result on all browser: problems remains

KOM · Mar 8, 2016, 4:04 PM

OK, I misunderstood your problem. Please post some screenshots of your squidGuard ACLs & Target Categories so we can see what you have configured.

firewire · Mar 8, 2016, 4:24 PM

attached group acl and categories

firewire · Mar 8, 2016, 4:35 PM

ah
common ACL have alla catecories untouched except
Dummy = deny
Default access [all] = allow

(see screenshots)

KOM · Mar 8, 2016, 5:53 PM

I do something similar so that our salespeople can get to LinkedIn but not other social media sites. I set my Target Category to Allow instead of Whitelist. Try that and maybe it will work better for you.

firewire · Mar 8, 2016, 6:02 PM

modify from "whitelist" to "allow" gives me FORBIDDEN

KOM · Mar 8, 2016, 6:35 PM

For ACL 'Gruppo1', can you click the green arrow beside Target Rules List (click here) and look at the list of categories. Where is your SitiAbilitati Target Category in the list? It should be at the top. See my image for an example. To be clear, I named my target category Whitelist. I also notice that you are using a schedule. Make sure that you don't have it backwards, where it blocks things that you expect to be open based on time of day.

firewire · Mar 8, 2016, 6:59 PM

I have disabled time restictions with no success

attached order of categories

KOM · Mar 8, 2016, 7:13 PM

Look in the squidguard log and see if that shows anything of interest.

firewire · Mar 8, 2016, 8:23 PM

SOLVED

twitter use pbs.twimg.com wherer it put images and so on (cfr https://twittercommunity.com/t/what-is-this-pbs-twimg-etc/10119)
whitelisting only twitter.com it is not sufficient
i've added also twimg.com and load is correct.

ThankU for your support

PS
I've another problem, I have to open a new topic?

thankU again

KOM · Mar 8, 2016, 8:41 PM

I've another problem, I have to open a new topic?

Glad to hear you figured it out. How did you do it?

Yes, please start a new topic if it isn't directly related to this specific problem.

firewire · Mar 8, 2016, 8:58 PM

surfing with chrome at bottom you can see url surfed
i've noted this url, googled and understand what was
in squidguard log pbs.twimg.com was blocked
et voilà:)

KOM · Mar 8, 2016, 9:04 PM

Yeah, I should have mentioned checking squidguard's log much sooner than I did.