Re: [squid-users] Block skype

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Mon, 13 Oct 2008 21:22:22 -0300

ufdbGuard can block Skype.
ufdbGuard is a free URL redirector which works with Squid.

Blocking Skype is based on SSL connection verification
and since Skype using port 443 but has no SSL handshake,
the connection is blocked when the option
enforce-https-official-certificate is set ON.

Note that Squid already makes port 80 unusable for Skype and
your firewall must block direct connections to other
Skype nodes.

-Marcus

Amos Jeffries wrote:
>> Hi guys,
>>
>> Is it possible block skype using acl header in squid?
>>
>> I don't like put in my squid.conf the configuration bellow because
>> will block some sites with IP configuration.
>>
>> acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
>
> PATH portion regex will never match the HOST part.
>
>> acl connect method CONNECT
>> http_access deny connect numeric_IPs all
>
> Only the raw-IP detection control has any reliability.
> http://wiki.squid-cache.org/ConfigExamples/Chat/Skype
>
> The websites which use raw IPs as their domain name are also most often
> seen in spam and domain hijacking attacks. Its not a good idea to let them
> through. Lobby the site people to setup their DNS properly.
>
> Amos
>
>
>
Received on Tue Oct 14 2008 - 00:22:34 MDT

This archive was generated by hypermail 2.2.0 : Tue Oct 14 2008 - 12:00:03 MDT