Re: [squid-users] How to block MSN, Yahoo, ICQ and mIRC

Hi,

There are many ways it could be possible, here are a few I played with.

1: use the dst acl and block all the subnets that the login servers for
these servces reside on, this can be quite hard as they can change without
notice.

eg.
acl MSN dst 64.4.13.0/255.255.255.0
http_access deny MSN

2: use the dstdomain to block the login servers, this may only work with
ICQ, AIM as MSN messenger connects via IP I think.

eg.
acl ICQ dstdomain login.icq.com
http_access deny ICQ

3: using the req_mime_type acl is probably the best and is the one we use,
it matches the requested mime type and this works very well.

acl MSN req_mime_type ^application/x-msn-messenger$
http_access deny MSN

This has been dicussed on the list before, seach the archives for more
details.

Hope this helps.

Regards,
Richard Fuser
Firewall Administrator

|--------+----------------------->
| | "Muhammad |
| | Imran Kiani" |
| | <imrank@pseb.|
| | org.pk> |
| | |
| | 11/06/2003 |
| | 12:46 AM |
| | |
|--------+----------------------->
>----------------------------------------------------------------------------------------------------------------------------------------------|
  | |
  | To: <squid-users@squid-cache.org> |
  | cc: |
  | Subject: [squid-users] How to block MSN, Yahoo, ICQ and mIRC |
>----------------------------------------------------------------------------------------------------------------------------------------------|

Hi
I want to restrict the access to MSN, Yahoo, ICQ and mIRC of my users in
LAN
 I have linux 8 runnig squid, I tried various ACL's on ports but useless.
Is
there anybody who has successfully implemented the restriction? I shall be
thankful.

Regards

Imran Kiani
Received on Tue Jun 10 2003 - 21:49:08 MDT