[squid-users] Maxon App

Amos Jeffries squid3 at treenet.co.nz
Wed Apr 16 23:07:36 UTC 2025 

On 17/04/25 01:28, Adam Barnett wrote:
> Hi All,
> 
> Has anyone managed to get the maxon application working via squid?
> I have added all the IP's and URL that they have given us but it still 
> does not work, just sit on "Loading application" after signing in.
> 
> There is nothing in the logs and i even did a wirehark and an still 
> nothing that i could see.
> 
> 
> This is the section from my config
> 
> acl dst_maxon_domains url_regex .maxon.net
> acl dst_maxon_domains url_regex id.maxon.net
> acl dst_maxon_domains url_regex packages.maxon.net
> acl dst_maxon_domains url_regex asset.maxon.net
> acl dst_maxon_domains url_regex cloudfront.net
> acl dst_maxon_domains url_regex cloudflare.com
> acl dst_maxon_domains url_regex recaptcha.net
> acl dst_maxon_domains url_regex fonts.googleapis.com
> acl dst_maxon_domains url_regex zbrushcentral.com
> acl dst_maxon_domains url_regex mini-cart.widget.maxon.net
> acl dst_maxon_domains url_regex recaptcha.net
> acl dst_maxon_domains url_regex cacerts.digicert.com
> acl dst_maxon_domains url_regex ts-aia.ws.symantec.com
> acl dst_maxon_domains url_regex rb.symcb.com
> acl dst_maxon_domains url_regex static.edge.microsoftapp.net
> acl dst_maxon_domains url_regex cookiebot.com
> acl dst_maxon_domains url_regex maxon-prod.eu-west-1.elasticbeanstalk.com


Several problems with the above.

1) these are dstdomain patterns. Not regex.
   Currently


2) The entry for " .maxon.net " overlaps with all of these (and more):

 > acl dst_maxon_domains url_regex id.maxon.net
 > acl dst_maxon_domains url_regex packages.maxon.net
 > acl dst_maxon_domains url_regex asset.maxon.net
 > acl dst_maxon_domains url_regex mini-cart.widget.maxon.net

you can remove those extras.


3) Multiple entries for "recaptcha.net"



> 
> acl maxon_ip dst 173.245.48.0/20
> acl maxon_ip dst 103.21.244.0/22
> acl maxon_ip dst 103.22.200.0/22
> acl maxon_ip dst 103.31.4.0/22
> acl maxon_ip dst 141.101.64.0/18
> acl maxon_ip dst 108.162.192.0/18
> acl maxon_ip dst 190.93.240.0/20
> acl maxon_ip dst 188.114.96.0/20
> acl maxon_ip dst 197.234.240.0/22
> acl maxon_ip dst 198.41.128.0/17
> acl maxon_ip dst 162.158.0.0/15
> acl maxon_ip dst 104.16.0.0/13
> acl maxon_ip dst 104.24.0.0/14
> acl maxon_ip dst 172.64.0.0/13
> acl maxon_ip dst 131.0.72.0/22
> acl maxon_ip dst 169.254.169.254
> 

IP ranges are fine, but you should not need them unless the proxy is 
receiving URLs containing raw-URLs. Otherwise you risk allowing access 
to foreign domains that are simply hosted somewhere within those very 
large IP spaces.


> Any suggestions


So your "acl lines" have defined the data to test against.

What access policy have you defined for using these?

Please show your *_access configuration.


HTH
Amos

More information about the squid-users mailing list