"What do you get in access.log on the streaming audio requests from this
user?"
I just found out that I can successfully block RealAudio, but only if
it's initiated from RealOne, the standalone software package. A friend
from the UK listens to Virgin Radio UK, and when he prompted me to try
there, it streamed right on through. He theorizes that the Virgin
streaming service operates with Real software, but at the plugin level
for Internet Explorer. This is also the sole browser in use with my
company.
One line of "access.log" for Virgin Radio UK looks like this:
1069796703.688 268 192.168.0.99 TCP_MISS/200 382 GET
http://www.virginradio.co.uk/images/subsite/blank-automatic.htm? -
DIRECT/212.187.204.100 image/png [Accept: */*\r\nReferer:
http://www.virginradio.co.uk/thestation/listen/index.html\r\nAccept-Lang
uage: en-us\r\nProxy-Connection: Keep-Alive\r\nUser-Agent: Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1)\r\nHost:
www.virginradio.co.uk\r\nCookie: GCGMTELAPSE=1069795700500;
GCUID01=619687936; GCCKVER=5; GCUID02=619687936;
GColdrelativetimecookie=41937;
GCSTRM01=/e15_4j/43156/e15_CP/41937/e01_CP/1069796740937/e03_CP/10697967
40937/; GC02BASE=Tue%20Nov%2025%2015%3A44%3A59%20CST%202003;
GCSTRMPR=874239091; GCLASTRUN=1069796740937;
GCSESSINFO=Tue%2C%2025%20Nov%202003%2021%3A45%3A40%20UTC\r\n] [HTTP/1.1
200 OK\r\nDate: Tue, 25 Nov 2003 21:45:03 GMT\r\nServer: Apache/1.3.26
(Unix) mod_gzip/1.3.19.1a PHP/4.2.3\r\nX-Powered-By:
PHP/4.2.3\r\nX-Accelerated-By: PHPA/1.3.1pre3\r\nConnection:
close\r\nContent-Type: image/png\r\n\r]
Two more of the lines include the following information:
1069796701.965 3034 192.168.0.99 TCP_MISS/200 72950 GET
http://www.virginradio.co.uk/thestation/listen/index.html -
DIRECT/212.187.204.100 text/html [Accept: image/gif, image/x-xbitmap,
image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword,
application/x-shockwave-flash, */*\r\nAccept-Language: en-us\r\nCookie:
GCGMTELAPSE=1069795451609; GCUID01=619687936; GCCKVER=5;
GCUID02=619687936; GColdrelativetimecookie=43156;
GCSTRM01=/e15_5J/43609/e02_5J/1069795467171/e15_4j/43156/e01_4j/10697954
71156/e01_5J/1069795472078/e02_5J/1069795700500/;
GC02BASE=Tue%20Nov%2025%2015%3A23%3A48%20CST%202003; GCSTRMPR=874239091;
GCLASTRUN=1069795700500\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1)\r\nHost: www.virginradio.co.uk\r\nProxy-Connection:
Keep-Alive\r\n] [HTTP/1.1 200 OK\r\nSet-Cookie:
GCGMTELAPSE=1069795700500;path=/; expires=Fri, 01-Jan-2010 00:00:00
GMT\r\nDate: Tue, 25 Nov 2003 21:44:59 GMT\r\nServer: Apache/1.3.26
(Unix) mod_gzip/1.3.19.1a PHP/4.2.3\r\nX-Powered-By:
PHP/4.2.3\r\nX-Accelerated-By: PHPA/1.3.1pre3\r\nConnection:
close\r\nContent-Type: text/html\r\n\r]
1069796702.313 91 192.168.0.99 TCP_IMS_HIT/304 235 GET
http://www.virginradio.co.uk/clickstream/clickstream.js - NONE/-
application/x-javascript [Accept: */*\r\nReferer:
http://www.virginradio.co.uk/thestation/listen/index.html\r\nAccept-Lang
uage: en-us\r\nCookie: GCGMTELAPSE=1069795700500; GCUID01=619687936;
GCCKVER=5; GCUID02=619687936; GColdrelativetimecookie=43156;
GCSTRM01=/e15_5J/43609/e02_5J/1069795467171/e15_4j/43156/e01_4j/10697954
71156/e01_5J/1069795472078/e02_5J/1069795700500/;
GC02BASE=Tue%20Nov%2025%2015%3A23%3A48%20CST%202003; GCSTRMPR=874239091;
GCLASTRUN=1069795700500\r\nIf-Modified-Since: Wed, 02 Oct 2002 12:39:56
GMT; length=2850\r\nUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1)\r\nHost: www.virginradio.co.uk\r\nProxy-Connection:
Keep-Alive\r\n] [HTTP/1.0 304 Not Modified\r\nDate: Tue, 25 Nov 2003
15:49:21 GMT\r\nContent-Type: application/x-javascript\r\nLast-Modified:
Wed, 02 Oct 2002 12:39:56 GMT\r\n\r]
The only thing of note here may be the "application/x-shockwave-flash",
but I can't kill it across the board just to keep a relative few from
streaming.
Do you see anything in these logs that may prove worthwhile? I'm open
to any possibilities.
Thanks
Eric
Received on Tue Nov 25 2003 - 15:32:45 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:36 MST