Chris Nighswonger wrote:
Hi all,
We run a webradio which is broadcast via an external streaming
service (A). In an effort to keep the Internet pipe from becoming
conjested with audio streaming traffic from on-campus users listening
to the stream, we setup an internal streamer (B) for use on campus. Of
course you have those who are not paying attention to the notice to
use the inside streamer rather than the outside. Since I run dg/squid,
I am configuring squid to redirect traffic requests headed for A to B.
There are two ways of accessing the stream. One is via a playlist
file. (i.e. http://streamserver.com/list.asx) The other is directly.
(i.e. http://streamserver.com:1234/) I have setup the following to
handle the playlist url's:
acl streamlink url_regex -i ^http://streamserver.com/list.
http_access deny streamlink
deny_info http://192.168.0.x:8000/list.m3u streamlink
This part works great! (Thanks Henrik. :)
The following is my setup to handle the direct connections:
acl streamserver dstdomain .streamserver.com
acl streamport 1234
Assuming this is not a typo, you forgot an important feature. The ACL type.
acl streamport port 1234
http_access deny streamserver streamport
deny_info http://192.168.0.x:8000/mountpt streamserver streamport
This one does not work at all. Watching the access.log, squid
authenticates the request and then proceeds to pass the traffic to the
external streaming server (A). Looking into the packets with wireshark
shows that they are indeed headed for streamserver.com:1234....
Two questions:
1. Am I using the correct acl types to match
http://streamserver.com:1234/ (dstdomain + port)?
2. Am I doing this entire redirect the hard way? I would think that
squid would be the logical place to take care of this. Or is it
iptables?
Thanks,
Chris
Chris
