[squid-users] simplest way to block (and drop) 1 'user'(computer) using 1 specific 'URL' ??

From: Linda Walsh <squid-user_at_tlinx.org>
Date: Thu, 10 Feb 2011 20:22:15 -0800

I purchased a little toaster-sized HP home-server that I haven't fully made
use of, but that does have an annoying feature. It's **constantly** sending
messages to a ms-server. Maybe it's some sort of I'm alive pulse, but it's
annoyingly filling up my squidlog, and always using up/interrupting
normal traffic bin __minor__ amounts as it constantly does an HTTP
version of
a ping that runs *almost* all the time.

Here's a snipped from a 'cooked' log format I use to give me a quick
view into what's going w/squid:
    +0.19 182ms; ln=1579 (8.5K/8.4K) TCP_MISS/403 <Home-Server [POST
http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
HIER_DIRECT/sqm.microsoft.com text/html ]
    +0.18 173ms; ln=1579 (8.9K/8.9K) TCP_MISS/403 <Home-Server [POST
http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
HIER_DIRECT/sqm.microsoft.com text/html ]
    +0.17 164ms; ln=1579 (9.4K/9.3K) TCP_MISS/403 <Home-Server [POST
http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
HIER_DIRECT/sqm.microsoft.com text/html ]
    +0.20 191ms; ln=1579 (8.1K/8.0K) TCP_MISS/403 <Home-Server [POST
http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
HIER_DIRECT/sqm.microsoft.com text/html ]
    +0.15 145ms; ln=1579 (10.6K/10.5K) TCP_MISS/403 <Home-Server [POST
http://sqm.microsoft.com/sqm/Windows/sqmserver.dll -
HIER_DIRECT/sqm.microsoft.com text/html ]
-------

It just keeps going this -- occasionally it will stop for a few minutes,
but most of the time it's doing these little several-K requests.

Is there an easy way in squid to say "if requester='home-server' and
request address = 'http://sqm.microsoft.com/sqm/Windows/sqmserver.dll',
then DROP the request (and issue nothing in the log).

There are more crude methods of shutting up, like one time, since it is
going through the proxy-server to get to the outside world, I just threw
in an ipchains rule to ignore it altogether. Fast, but a bit crude. I
don't want to cut off all internet access -- just that one, constant
droning request that just goes on and on...(filling logs, but most of
all, always reducing my full bandwidth)...

What a pain in the butt!

Talk about products that 'phone home'....This one whines to home about 5
times/second! LAME!

I currently have no other filtering going on in my squid files, so I'm
not really sure where to start. Do I need to write an external helper
and filter all traffic through it? That sounds like overkill -- and I'd
really not wish to slow down traffic from other stations -- I already
get too many 'sorry but your browser is configured to use a proxy which
is not responding' messages, now, as it is -- and ***I'M THE ONLY
USER!!!***... (very sad when 1 user can overwhelm a proxy server
designed to handle hundreds (if not thousands) of users... But that's
question for another day (like after I've pulled the latest source and
tried it to see if it is fixed...;-))....

Thanks!

Linda Walsh
Received on Fri Feb 11 2011 - 04:22:30 MST

This archive was generated by hypermail 2.2.0 : Fri Feb 11 2011 - 12:00:03 MST