[squid-users] Time based ACLs not affecting all traffic

From: Stephen McGuinness <webmcgu_at_gmail.com>
Date: Tue, 7 Feb 2012 11:00:43 -0500

I am trying to force the users behind my proxy to be forced into a
human interaction based ACL at a certain time every night. I have it working
pretty well, but there is still traffic that is not getting filtered
by that ACL.

From what I can figure out so far, if connections are active before
the time ACL kicks in, some are forced to the ACL that requires
human interaction, but not for all content. It seems that traffic
making it through has a mime type of application/javascript or
application/json, or no specified mime-type at all. It could be
something else, but from what I can get out of the logs, that's all i
can figure.

Sadly there so much traffic going though the proxy, I can't turn on the debug
logging to see which ACL might be letting them through, but the requests are
showing in the logs, which makes me think it's going through the ACLs.

Does anyone know how to reset all the connections without having to
restart the service, or something else more drastic like messing with
the system firewall via a script?

As some more information, we use auth-digest, some very large ACL lists,
and the external human-interaction based on time of day.

Thanks-

Steve
Received on Tue Feb 07 2012 - 16:00:49 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 08 2012 - 12:00:02 MST