[H-GEN] squid and facebook

Russell Stuart russell-humbug at stuart.id.au
Tue Sep 20 18:56:15 EDT 2011


On Wed, 2011-09-21 at 08:32 +1000, Troy Piggins wrote: 
> The only things I can think of are that this FF addon somehow falls
> back to some port other than 80 if it doesn't get through on that,
> or, even though the browser URL is displaying the above the content
> is actually coming from somewhere else?  Checking the sarg logs
> I see FB's content server domain fbcdn.net and have blocked that
> too but no joy.
> 
> Any ideas?  I could block all outgoing ports other than the few
> servers, but in the past I've found that's painful.

The first step is to figure out how it is getting through.  That should
be difficult.  The squid logs will tell you if it is going via port 80.
A tool like wireshark or iptraf will make it obvious if it is going
through a some other port.

My guess is it's using SSL, and you will have to block accesses to
facebook.com:443, and possibly CONNECT's to facekbook.com as well.





More information about the General mailing list