Re: [squid-users] miranda

From: Peter Marshall <peter.marshall@dont-contact.us>
Date: Tue, 28 Mar 2006 08:02:11 -0400

I was not able to figure this out with the mime headers either (although
it made my logs quite large ;).

Anyone have any other ideas ??

I did try
log_mime_hdrs on

It is off again.

P

Peter Marshall wrote:
> As far as actual server set up .. we have an internal Firewall that does
> not route to anything that I do not set up by hand. The proxy is a
> stand alone box in the DMZ, and then we have an external Firewall.
>
> internal - :firewall:| DMZ - Proxy - |:external Firewall:| Web
>
> Peter Marshall wrote:
>
>> http_port 192.168.1.254:8080
>> http_port 127.0.0.1:8082
>> http_port a.b.c.5:8081
>> icp_port 0
>> #http_port 8080
>> #snmp_port 3401
>> #snmp_port 161
>> cache_mem 256 MB
>> cache_dir ufs /usr/local/squid/var/cache 8000 16 256
>> debug_options ALL,1 33,2
>> emulate_httpd_log on
>> forwarded_for off
>>
>> acl public snmp_community public
>>
>> acl all src 0.0.0.0/0.0.0.0
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl caris_int src 192.168.200.0/255.255.248.0
>> acl caris_dmz src a.b.c.0/255.255.255.192
>>
>> acl admin_lst src 192.168.202.73/32 192.168.200.122/32
>> acl admin_lst2 src 192.168.202.73/32 192.168.202.75/32 192.168.201.26/32
>> acl ALLOW_WIN_UP src 192.168.200.3/32 192.168.202.3/32 192.168.202.90
>> 192.168.200.32 192.168.200.10 192.168.200.23 192.168.200.122
>> 205.174.164.51 192.168.201.65 192.168.201.77 192.168.201.106
>>
>> acl forcerobak src 192.168.100.0/24 205.174.164.50/32
>> acl aca src 192.168.90.0/24
>>
>> acl Safe_ports port 21 80 88 443 563 2095 3915 4500 7778 8000 8020
>> 8070 8090 8080 8081 8087 8096 8030 8194 8585 8765 8988 9000 9443 16080
>> 19638
>> #acl Safe_ports port 21 80 443 563 8080 8081 8030 1025-65535
>>
>> http_access allow localhost
>> acl manager proto cache_object
>> http_access allow manager localhost
>>
>> acl PURGE method PURGE
>> http_access allow PURGE localhost
>> http_access deny PURGE
>>
>> acl snmpServer src 192.168.202.73/32
>>
>> acl ICQ url_regex -i .icq.com
>> acl MSN req_mime_type ^application/x-msn-messenger$
>> acl STREAM rep_mime_type ^application/octet-stream$
>> acl YAHOO url_regex .msg.yahoo.com
>> acl CHAT url_regex -i webmessenger .webmessenger .messenger.*
>> messenger.yahoo gateway.dll messenger.msn mirc icq.com go.icq
>> miranda-im.org
>> acl DICT url_regex -i dictionary.reference.com
>> acl MICROSOFT url_regex -i .windowsupdate
>> acl banned_types url_regex -i .mpeg$ .mpg$ .avi$ .wmv$ .mp3$ \.rm$
>> .asf$ .wma$ \.ram$ \.aif$ \.ra$ .asx$
>> # acl banned_types2 url_regex -i .mpeg* .mpg* .avi* .wmv* .mp3* .rm*
>> .asf* .wma* .ram* .aif* .ra* .asx*
>> acl INTERNAL url_regex caris.priv
>> acl VIRUS url_regex -i genmexe.biz
>> acl TROJAN url_regex -i gookle
>> acl WEBMSN url_regex -i .webmessenger.msn.com
>> acl EMESS url_regex -i .e-messenger.net .webmessenger.msn.com/*
>> iloveim.com
>> acl TALK url_regex -i .google.com/talk talk.google.com
>> .google.com/talk* .google.*/talk*
>> acl WEB1 url_regex -i .caris.com/* .caris.com
>> acl GTALK url_regex -i .google.com/mail/im/*
>> .google.com/mail/channel/bind .google.com/mail/channel/bind/*
>> acl GTALK_FIX url_regex -i .google.com/mail/images/*
>>
>> snmp_access deny !snmpServer
>>
>> http_access allow GTALK_FIX all
>> http_access deny GTALK all
>>
>> # http_access deny block_user
>>
>> # http_access allow !Safe_ports admin_lst
>> http_access allow !Safe_ports forcerobak
>> http_access deny !Safe_ports
>>
>> http_access deny TROJAN
>>
>> ## Do not want to block searches of words
>> ## ex, besmirce has mirc in it.
>> http_access allow DICT all
>>
>> http_access allow CHAT admin_lst
>> http_access allow YAHOO forcerobak
>> http_access allow ICQ forcerobak
>> http_access allow TALK forcerobak
>> http_access allow MSN forcerobak
>> http_access allow WEBMSN forcerobak
>> http_access allow CHAT forcerobak
>>
>> http_access allow WEBMSN admin_lst2
>> http_access allow MSN admin_lst
>> http_access allow TALK admin_lst
>>
>> http_access allow ICQ admin_lst
>> http_access allow MSN aca
>> http_access allow ICQ aca
>>
>> http_access deny MSN
>> http_access deny ICQ
>> http_access deny YAHOO
>> http_access deny CHAT
>> http_access deny VIRUS
>> http_access deny WEBMSN
>> http_access deny EMESS
>> http_access deny TALK
>>
>> # http_reply_access allow STREAM admin_lst
>> #http_reply_access deny STREAM
>>
>> http_access allow MICROSOFT admin_lst
>> http_access allow MICROSOFT forcerobak
>> http_access allow MICROSOFT aca
>> http_access allow MICROSOFT ALLOW_WIN_UP
>> http_access deny MICROSOFT
>>
>> http_access allow banned_types admin_lst
>> http_access deny banned_types
>>
>> http_access allow forcerobak
>> http_access allow aca
>> http_access allow admin_lst
>> http_access allow caris_int
>> http_access allow caris_dmz
>>
>> http_access deny all
>>
>> Nikos Zaharioudakis wrote:
>>
>>> On 3/24/06, Peter Marshall <peter.marshall@caris.com> wrote:
>>>
>>>> I am trying to figure out how some users are using Miranda to get past
>>>> my squid rules. normally, msn, icq, gtalk, yahoo messenger, etc will
>>>> not work, however, a few users have figured out how to get around this,
>>>> and I have not been able to figure out how.
>>>>
>>>> Does anyone have any suggestions ?
>>>>
>>>> Thanks
>>>>
>>>
>>>
>>> Would you mind tell us a little more about current network topology
>>> and internet connection?
>>> Or perhaps your squid rules to see what is going on.
>>>
>>>
>>> Best regards,
>>> --
>>> ########################################3
>>> Zaharioudakis Nikos
>>> mob: +30 6947204063
>>> A: Because it messes up the order in which people normally read text.
>>> Q: Why is top-posting such a bad thing?
>>> A: Top-posting.
>>> Q: What is the most annoying thing on usenet and in e-mail?
Received on Tue Mar 28 2006 - 05:01:39 MST

This archive was generated by hypermail pre-2.1.9 : Sat Apr 01 2006 - 12:00:04 MST