[squid-users] time based Instant Message blocking

From: Manu C S <manu@dont-contact.us>
Date: Wed, 22 Oct 2003 18:12:15 -0500 (CDT)

Hi,

[I'm a newbie, so please bear with me.]

I need to provide time-based access to
yahoo & msn messengers in my college lab.

The restriction is only for students.
Staff & Admins have unrestricted access to IM services.
For students, chatting is allowed only on
Mondays - full day
all other days: 7AM to 9AM,
                12PM to 5 PM
                9PM to 12AM

My rules are like this:

------------------------------------------------------------
acl admin-mc src 192.168.10.1
acl staff-mc src 192.168.10.201-192.168.10.220
acl holiday-time time M 00:00-24:00
acl morning-time time STWHFA 07:00-09:00
acl noon-time time STWHFA 12:00-17:00
acl night-time time STWHFA 21:00-24:00
acl restrict-im dstdom_regex -i "/etc/squid/im"

(where the file /etc/squid/im has the following lines:
    msg.*.yahoo.com
    messenger.hotmail.com
)
acl student proxy_auth "/etc/squid/students"
(where /etc/squid/students has a list of all the students)

http_access allow restrict-im admin-mc
http_access allow restrict-im staff-mc
http_access allow holiday-time restrict-im localnet
http_access allow morning-time restrict-im localnet
http_access allow noon-time restrict-im localnet
http_access allow night-time restrict-im localnet
http_access deny restrict-im all
------------------------------------------------------------

On the admin & staff machines, things are working fine.
The problem now is that when I log in to a student's machine
as an administrator, I can use the IMs properly.
If I log in as a student, I'm unable to use them!

I used ethereal to sniff the traffic in order to
find out what was happening. I found that
when I used yahoo messenger, absolutely no contact was
made with the gateway on which the proxy server was sitting.
Yahoo messenger immediately gave me a message saying
'Not connected'.
In case of msn messenger, it was contacting the proxy,
but I wasn't prompted for proxy authentication. Finally I would
get a timed out message. In ethereal's output I found that
the proxy was actually sending back an HTML error message
saying 'Cache access denied' because of improper authentication.

To make things more complicated, 2 of the total 95 machines
in the student network are allowing proper access to IMs!

All the machines on our network have Windows XP or 2K.
I'm using yahoo messenger v5.6 and msn messenger v6.0

Can anyone please help?

[If needed, I can email the entire squid.conf file. It's about
119 lines long.]

Regards,
Manu
Received on Wed Oct 22 2003 - 06:44:48 MDT
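
The rules quoted in the message can be checked offline with a small model of Squid's http_access evaluation (first matching line wins, ACLs on one line are ANDed); this is an added example, not code from the post or from Squid. `localnet` is not defined in the message and is assumed here to be 192.168.10.0/24, the hostnames are constructed, and the `student` proxy_auth ACL is left out because none of the http_access lines shown references it.

```python
import re
from datetime import datetime
from ipaddress import ip_address

# Squid day codes (S=Sun M=Mon T=Tue W=Wed H=Thu F=Fri A=Sat) -> datetime.weekday()
DAY = {"M": 0, "T": 1, "W": 2, "H": 3, "F": 4, "A": 5, "S": 6}

def time_acl(days, start, stop):
    want = {DAY[d] for d in days}
    lo, hi = (int(x[:2]) * 60 + int(x[3:]) for x in (start, stop))
    # Minute-of-day comparison; treating the end minute as inclusive is an assumption.
    return lambda r: (r["when"].weekday() in want
                      and lo <= r["when"].hour * 60 + r["when"].minute <= hi)

def src_acl(first, last=None):
    lo, hi = ip_address(first), ip_address(last or first)
    return lambda r: lo <= ip_address(r["src"]) <= hi

# Contents of /etc/squid/im as posted; the dots are unescaped, so "." matches any character.
IM_PATTERNS = ["msg.*.yahoo.com", "messenger.hotmail.com"]

ACLS = {
    "admin-mc": src_acl("192.168.10.1"),
    "staff-mc": src_acl("192.168.10.201", "192.168.10.220"),
    "holiday-time": time_acl("M", "00:00", "24:00"),
    "morning-time": time_acl("STWHFA", "07:00", "09:00"),
    "noon-time": time_acl("STWHFA", "12:00", "17:00"),
    "night-time": time_acl("STWHFA", "21:00", "24:00"),
    "restrict-im": lambda r: any(re.search(p, r["host"], re.I) for p in IM_PATTERNS),
    "localnet": src_acl("192.168.10.0", "192.168.10.255"),  # ASSUMPTION: not in the post
    "all": lambda r: True,
}

# The http_access lines exactly as posted, in order.
RULES = """allow restrict-im admin-mc
allow restrict-im staff-mc
allow holiday-time restrict-im localnet
allow morning-time restrict-im localnet
allow noon-time restrict-im localnet
allow night-time restrict-im localnet
deny restrict-im all"""

def decide(src, host, when):
    """Return (action, rule number) of the first line whose ACLs all match."""
    req = {"src": src, "host": host, "when": when}
    for n, line in enumerate(RULES.splitlines(), 1):
        action, *names = line.split()
        if all(ACLS[name](req) for name in names):
            return action, n
    return "no-match", 0  # Squid would continue with the rest of squid.conf
```

Because the model ignores authentication, it only shows what the time, source and destination ACLs decide for a given request.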
