Re: [squid-users] Block skype
ufdbGuard can block Skype. ufdbGuard is a free URL redirector which works with Squid. Blocking Skype is based on SSL connection verification and since Skype using port 443 but has no SSL handshake, the connection is blocked when the option enforce-https-official-certificate is set ON. Note that Squid already makes port 80 unusable for Skype and your firewall must block direct connections to other Skype nodes. -Marcus Amos Jeffries wrote: Hi guys, Is it possible block skype using acl header in squid? I don't like put in my squid.conf the configuration bellow because will block some sites with IP configuration. acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ PATH portion regex will never match the HOST part. acl connect method CONNECT http_access deny connect numeric_IPs all Only the raw-IP detection control has any reliability. http://wiki.squid-cache.org/ConfigExamples/Chat/Skype The websites which use raw IPs as their domain name are also most often seen in spam and domain hijacking attacks. Its not a good idea to let them through. Lobby the site people to setup their DNS properly. Amos
Re: [squid-users] Block skype
> Hi guys, > > Is it possible block skype using acl header in squid? > > I don't like put in my squid.conf the configuration bellow because > will block some sites with IP configuration. > > acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ PATH portion regex will never match the HOST part. > acl connect method CONNECT > http_access deny connect numeric_IPs all Only the raw-IP detection control has any reliability. http://wiki.squid-cache.org/ConfigExamples/Chat/Skype The websites which use raw IPs as their domain name are also most often seen in spam and domain hijacking attacks. Its not a good idea to let them through. Lobby the site people to setup their DNS properly. Amos
[squid-users] Block skype
Hi guys, Is it possible block skype using acl header in squid? I don't like put in my squid.conf the configuration bellow because will block some sites with IP configuration. acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ acl connect method CONNECT http_access deny connect numeric_IPs all Any ideas? Thanks Marcos
Re: [squid-users] block Skype with Squid
On Monday 18 September 2006 14:03, Pavel Ivanchev wrote: > Hi there! > I'm interesting in how to block skype with squid. I found in the net > some how-to and i followed it, but no result: > acl block_skype_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ > acl connect method CONNECT > http_access deny connect block_skype_IPs all 1. You likely don't need "all" here. 2. Try url_regex instead of urlpath_regex. Note that I don't use Skype (and never will be) so I can't test it. Christoph
[squid-users] block Skype with Squid
Hi there! I'm interesting in how to block skype with squid. I found in the net some how-to and i followed it, but no result: acl block_skype_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ acl connect method CONNECT http_access deny connect block_skype_IPs all After that i was still able to use skype. Just for test, i wrote in browser address bar https://196.34.23.4 , i don'n know what this ip is,but anyway, the connection wasn't rejected by squid, after while connection failed with "Connection time out" The log file says: "CONNECT 196.34.23.4:443 HTTP/1.0" 503 0 TCP_MISS:DIRECT instead of TCP_DENIED Where I wrong?
[squid-users] Block skype
Hi all, any ideas how to block skype? I also using dansguardian content filtering. Appently (I read) it is difficult to block skype.. kindly help?? regards Daniel
