Hi all,
I've been seeing users start to tunnel thru my squid
caches, especially for connecting to IRC servers. I
get CONNECT lines in my log either going to 6667 (irc
default) or more sneakily, 443. As there are is a
sizable number of irc servers my users are connecting
to, and the fact CONNECT is used for regular https
websites, i can't block the method or the
hostnames/ip's. I recompiled squid to log user-agents,
but again, anything coming in on a CONNECT does not
show up - i thought at least i could identify the irc
clients and block them with an "browser" ACL.
So i guess what i am asking, is there an easier, more
maintainable way to stop this rather than spending day
after day compiling ip lists for multiple servers -
I'm really hoping for a one-liner here.
Many thanks in advance,
Karl
__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html
Received on Tue Mar 23 2004 - 20:29:33 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST