Blocking extensions using a urlpath_regex ACL might do the trick better than
others. If you block .ram, .ra, .asf and .asx (these are just off the top
of my head - I'm sure there's a lot more to be found with a little research)
you should be able to stop a lot of streaming stuff. Of course, this will
also block streaming video with these extensions as well. Pair that up with
a list of domains that serve streaming media (like launch.yahoo.com and
windowsmedia.com) and you should stop most of what's out there.
If I remember correctly, here's what ours looks like to stop certain
downloads and streaming media:
acl extdeny urlpath_regex -i \.mp3$ \.wma$ \.mov$ \.mpg$ \.mpeg$ \.ram$
\.ra$ \.asx$ \.asf$
http_access deny extdeny
Hope this helps.
Mike
-----Original Message-----
From: Eric Geater 11/18/03 [mailto:egeater@mscoinc.com]
Sent: Tuesday, November 25, 2003 7:37 AM
To: squid-users@squid-cache.org
Subject: [squid-users] Streaming filtering/blocking
Good morning, everyone.
I use Squid 2.5 Stable on a Mandrake 9.1 Linux box. It has proven itself
nicely in the past, but now a gauntlet has been thrown, so to speak.
Apparently, one of our users can still stream audio, even though I set up an
ACL blocking a few sites. I've been reading a bit, and noticed that one
person uses a url_regex command that points to a block.acl, while another
person suggests filtering for mime strings. A third has suggested killing
ports.
I'm going to ask my question differently, however. Is it possible to get a
list of mime types, or offending ports, or even a good list of likely
extensions? The "block.acl" suggestion is a great one that seems to work (I
tested it on blocking "tar" files last night, and it worked), but I know it
can't be all-inclusive, and not likely to stop a lot of the offending
traffic.
Any input is welcome. Thanks!
Eric
egeater at mscoinc dot com
Eric Geater
I.T. Representative
MSCO, Inc.
731-935-8538
731-431-3742
egeater at mscoinc dot com
Received on Tue Nov 25 2003 - 08:17:03 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:21:35 MST