acl url_regex on squid3 is not working using an online tested regular expression

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

acl url_regex on squid3 is not working using an online tested regular expression

ppmartell
I was asked to block Facebook access from 8:00am to 3:00pm for almost all users but them are using **alternative Facebook URLs** to access the social network anyway. This is consuming a lot of our low bandwidth and we can't even work. I decided to design a **regular expression (regex) to parse these URLs and block them**. I don't want to block all facebook URLs but only alternatives. An alternative Facebook URLs mostly contains the words **prod** or **iphone**. The next ones are alternative Facebook URLs registered by our proxy server:

    m.iphone.touch.prod.facebook.com
    m.iphone.haid.prod.facebook.com:443
    m.ct.prod.facebook.com
    m.vi-vn.prod.facebook.com

The designed regex: `/((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)/`

I tested this regex on https://regex101.com/ and https://www.regextester.com. The regex is **matching** for:

    m.iphone.touch.prod.facebook.com
    m.iphone.haid.prod.facebook.com:443
    m.ct.prod.facebook.com
    m.vi-vn.prod.facebook.com

And is **not matching** for:

    www.facebook.com
    m.facebook.com
    mqtt.facebook.com (for purple-facebook)
    graph.facebook.com
    connect.facebook.com
    3-edge-chat.facebook.com

So far this is what I wanted, alternative URLs blocked and regular Facebook URLs allowed. **My regex looks good to be used in squid**.

Next step is to modify the file /etc/squid3/squid.conf by adding a new acl pointing the file that contains the regex:

    acl facebook dstdom_regex "/etc/squid3/acl/facebook" //The file contains the regex
    http_access deny pass facebook

When I run **squid3 -k parse** for check the configuration file I am getting the errors:

    2017/09/22 11:12:26| Processing: acl facebook dstdom_regex "/etc/squid3/acl/facebook"
    2017/09/22 11:12:26| squid.conf line 78: acl facebook dstdom_regex "/etc/squid3/acl/facebook"
    2017/09/22 11:12:26| aclParseRegexList: Invalid regular expression '((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)': Invalid preceding regular expression
    2017/09/22 12:39:33| Warning: empty ACL: acl facebook dstdom_regex "/etc/squid3/acl/facebook"

Obviously, the squid3 parser is tagging my acl as **wrong**, but I already tested online and it was good to use. Also it says the acl is empty. What does this mean? The acl was declared with the name **facebook**. I am very confused at this.

--
Ing. Pedro Pablo Delgado Martell

Participe en el Congreso Internacional de las Ciencias Agropecuarias (AGROCIENCIAS 2017) http://www.agrocienciascuba.com/


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: acl url_regex on squid3 is not working using an online tested regular expression

Alex Rousskov
On 09/25/2017 12:42 PM, [hidden email] wrote:
> The designed regex:
> /((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)/

AFAICT, for the basic purpose of matching strings, the above mind
boggling regular expression can be simplified to:

  /\b(iphone|prod)\b.*\.facebook\.com/

Please note that I am _not_ saying that the expression works correctly
for your use case. I am only saying that its true meaning is much
simpler than the original version looks.


> aclParseRegexList: Invalid regular expression
> '((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)': Invalid
> preceding regular expression*

FWIW, the simplified expression above does not use the (?=...)
assertions, so it should not produce the above error.


> *    2017/09/22 12:39:33| Warning: empty ACL: acl facebook dstdom_regex
> "/etc/squid3/acl/facebook"*

> Obviously, the squid3 parser is tagging my acl as **wrong**, but I
> already tested online and it was good to use.

You did not test with the regex library used by your Squid. Different
libraries have different capabilities. The advanced feature (i.e., a
positive lookahead assertion) that your regex is using is apparently not
supported by the library that your Squid is using. Fortunately, that
feature is completely unnecessary for your use case.


> Also it says the acl is empty. What does this mean?

It probably means that after removing bad regexes, there were no regexes
left on the "acl ..." line. You can ignore this warning until you have
no warnings about invalid regular expressions.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

acl url_regex on squid3 is not working using an online tested regular expression

ppmartell
In reply to this post by ppmartell
As Mr. Alex Rousskov suggested, the problem was the regex itself. He provided me a modified regex (more simple) and now the filter is working.

My regex:          ((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)

Alex's regex:      \b(iphone|prod)\b.*\.facebook\.com

Using https://regex101.com/ both work, but squid only accepts the second one. After running squid3 -k parse I got no errors. Thanks Alex.

Participe en el Congreso Internacional de las Ciencias Agropecuarias (AGROCIENCIAS 2017) http://www.agrocienciascuba.com/


_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users