Thanks Marko,
so these are POST commands using specific URLs. so as you suggested, one
can simply
block these URLs. However, this won't block new ones.
Anyway, I don't see why the guy wan't to block attachments? if it is
because of viruses and the like,
he can simply filter http traffic withan antivirus product (and here there
are many solutions,
including *sweeper).
regards,
mouss
At 13:41 08/08/00 +0200, Marko Vukovic' wrote:
>Looking at my squid proxy logs when I attempt to attach something to a mail
>using Yahoo, I see the following:
>
>965733836.623 5759 192.168.1.16 TCP_MISS/200 3980
>GET http://us.f1.mail.yahoo.com/ym/Attachments? -
>TIMEOUT_DIRECT/us.f1.mail.yahoo.com text/html
>
>here are some extracts from a firewall's logs:
>
>Aug 8 13:23:56 citadel cdsgw[18327]: http: exit
>host=____.cequrux.com/xx.xx.xx.xx
>dest=web121.yahoomail.com/205.180.60.129:80 user=unknown group=unknown
>in=3936 out=1016 time=3 cmd=GET
>arg=/ym/Attachments?YY=44753&File0Data=&File1Data=&File2Data=: FIN ACK
>from client host
>Aug 8 13:24:28 citadel cdsgw[18327]: http: exit
>host=____.cequrux.com/xx.xx.xx.xx
>dest=web122.yahoomail.com/205.180.60.57:80 user=unknown group=unknown
>in=4702 out=16891 time=8 cmd=POST arg=/ym/Attachments?YY=47520: FIN ACK
>from client host
>
>Similarly for Hotmail:
>----------------------
>965734443.557 8805 192.168.1.16 TCP_MISS/200 10299 POST
>http://lw8fd.law8.hotmail.msn.com/cgi-bin/doattach -
>DIRECT/lw8fd.law8.hotmail.msn.com text/html
>
>Aug 8 13:34:03 citadel cdsgw[18327]: http: exit
>host=____.cequrux.com/xx.xx.xx.xx
>dest=www.law8.hotmail.com/216.33.240.250:80 user=unknown group=unknown
>in=10236 out=16639 time=9 cmd=POST arg=/cgi-bin/doattach: FIN ACK from
>client host
>Aug 8 13:34:35 citadel cdsgw[18327]: http: exit
>host=____.cequrux.com/xx.xx.xx.xx
>dest=www.law8.hotmail.com/216.33.240.250:80 user=unknown group=unknown
>in=14803 out=2477 time=7 cmd=POST arg=/cgi-bin/doattach: FIN ACK from
>client host
>
>Does this help you out? It should be as simple as blocking those URLs.
>
>--
>Marko Vukovic' E-mail: [EMAIL PROTECTED]
>Technical Support, WWW: http://www.cequrux.com
>CEQURUX Technologies Phone: +27(21)423-6065
>Firewalls/VPN Specialists Fax: +27(21)424-3656
>
>mouss wrote:
> >
> > why can't he?
> > how excatly web based mail works?
> > does it use "multipart" stuff?
> > anyway, there are proxies that filter content...
> >
> > regards,
> > mouss
> >
> > At 12:42 07/08/00 -0400, Chris Francosky wrote:
> > >You can't unless you restrict their access to the specific sites. hotmail
> > >and yahoo both use http to communicate with the client.
> > >I thought you meant you had activated Web services for Exchange or
> > >Groupwise or something.
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
