Roland Roland wrote:
> i have the following config set to allow msn messenger to connect
> through my squid.
>
> acl msnport port 1863
> http_access allow connect msnport
> http_access allow msnport
>
> i have a security breach where one of the users may be using port 1863
> to reach a paid proxy that he acquired.
> is there a way to allow port 1863 to only work with msn messenger
> destinations? i've already denied access to that domain and warned the
> user but i want a more permanent solution
> the simplest way possible is to do an AND access rule with msn's domains
> but there's a vast list of domains that should be added and i dont have
> them all..
> so is there another way ?
>
> PS: i'm using ADIUM client to connect to msn so when using msn's mime
> type its not working not sure why...
>
Port 1863 does not go through Squid. It's the native MSN protocol port.
MSN is capable of using port 80 properly for Squid to control if port
1863 is locked down.
These are the rules we know about for controlling port 80 MSN access
with Squid:
http://wiki.squid-cache.org/ConfigExamples/Chat/MsnMessenger
Amos
-- Please be using Current Stable Squid 2.7.STABLE7 or 3.0.STABLE21 Current Beta Squid 3.1.0.15Received on Tue Jan 12 2010 - 22:55:12 MST
This archive was generated by hypermail 2.2.0 : Wed Jan 13 2010 - 12:00:03 MST