Chris Boyd wrote:
>I'm trying to block IM's like MSN, Yahoo..etc...etc
>I've taken acl's from this list but it doesn't seem to be working.
>
>acl all src 0.0.0.0/0.0.0.0
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80 # http
>acl Safe_ports port 21 # ftp
>acl Safe_ports port 22 # ssh
>acl Safe_ports port 443 563 # https, snews
>acl Safe_ports port 70 # gopher
>acl Safe_ports port 210 # wais
>acl Safe_ports port 1025-65535 # unregistered ports
>
>
>acl Safe_ports port 280 # http-mgmt
>acl Safe_ports port 488 # gss-http
>acl Safe_ports port 591 # filemaker
>acl Safe_ports port 777 # multiling http
>acl Safe_ports port 4156
>acl CONNECT method CONNECT
>acl usit src 10.133.0.0/16 10.1.0.0/16
>acl ICQ url_regex -i .icq.com
>acl MSN req_mime_type ^application/x-msn-messenger$
>acl YAHOO url_regex .msg.yahoo.com
>acl CHAT url_regex -i webmessenger .webmessenger .messenger.* messenger.yahoo gateway.dll messenger.msn mirc icq.com go.icq miranda-im.org
>acl WEBMSN url_regex -i .webmessenger.msn.com
>acl EMESS url_regex -i .e-messenger.net .webmessenger.msn.com/* iloveim.com
>acl TALK url_regex -i .google.com/talk talk.google.com .google.com/talk* .google.*/talk*
>http_access allow manager usit
>http_access deny manager
>http_access deny !Safe_ports
>http_access allow CONNECT
>http_access allow localhost
>http_access allow usit
>
>
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Here all your traffic is allowed. Move this allow line to the bottom
(just above the deny all line), and you will have much better luck.
>http_access deny MSN
>http_access deny ICQ
>http_access deny YAHOO
>http_access deny CHAT
>http_access deny WEBMSN
>http_access deny EMESS
>http_access deny TALK
>http_access deny all
>
>
>
>
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
Chris
Received on Mon May 22 2006 - 17:15:11 MDT
This archive was generated by hypermail pre-2.1.9 : Thu Jun 01 2006 - 12:00:02 MDT