[squid-users] acl url_regex on squid3 is not working using an online tested regular expression

[ppmartell]

I was asked to block Facebook access from 8:00am to 3:00pm for almost all users 
but them are using **alternative Facebook URLs** to access the social network 
anyway. This is consuming a lot of our low bandwidth and we can't even work. I 
decided to design a **regular expression (regex) to parse these URLs and block 
them**. I don't want to block all facebook URLs but only alternatives. An 
alternative Facebook URLs mostly contains the words **prod** or **iphone**. The 
next ones are alternative Facebook URLs registered by our proxy server: 

m.iphone.touch.prod.facebook.com 
m.iphone.haid.prod.facebook.com:443 
m.ct.prod.facebook.com 
m.vi-vn.prod.facebook.com 

The designed regex: 
`/((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)/` 

I tested this regex on https://regex101.com/ and https://www.regextester.com. 
The regex is **matching** for: 

m.iphone.touch.prod.facebook.com 
m.iphone.haid.prod.facebook.com:443 
m.ct.prod.facebook.com 
m.vi-vn.prod.facebook.com 

And is **not matching** for: 

www.facebook.com 
m.facebook.com 
mqtt.facebook.com (for purple-facebook) 
graph.facebook.com 
connect.facebook.com 
3-edge-chat.facebook.com 

So far this is what I wanted, alternative URLs blocked and regular Facebook 
URLs allowed. **My regex looks good to be used in squid**. 

Next step is to modify the file /etc/squid3/squid.conf by adding a new acl 
pointing the file that contains the regex: 

acl facebook dstdom_regex "/etc/squid3/acl/facebook" //The file contains the 
regex 
http_access deny pass facebook 

When I run **squid3 -k parse** for check the configuration file I am getting 
the errors: 

2017/09/22 11:12:26| Processing: acl facebook dstdom_regex 
"/etc/squid3/acl/facebook" 
2017/09/22 11:12:26| squid.conf line 78: acl facebook dstdom_regex 
"/etc/squid3/acl/facebook" 
2017/09/22 11:12:26| aclParseRegexList: Invalid regular expression 
'((?=.*\biphone\b)|(?=.*\bprod\b)).*\.facebook\.com(\:|\d|)': Invalid preceding 
regular expression 
2017/09/22 12:39:33| Warning: empty ACL: acl facebook dstdom_regex 
"/etc/squid3/acl/facebook" 

Obviously, the squid3 parser is tagging my acl as **wrong**, but I already 
tested online and it was good to use. Also it says the acl is empty. What does 
this mean? The acl was declared with the name **facebook**. I am very confused 
at this. 

-- 
Ing. Pedro Pablo Delgado Martell 

Participe en el Congreso Internacional de las Ciencias Agropecuarias 
(AGROCIENCIAS 2017) http://www.agrocienciascuba.com/
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users