Hi Marc,
Thanks for your comments, I fully understand your
suggestions - and have indeed implimented the same for
other services. As i have a large number of
squid-caches to maintain (around 11) with requests
coming from different user classes, it will be a
constant task for me to target irc servers and keep
the denied sites list up to date. I was more looking
for a way to identify a user-agent as "not a browser"
and then block that user-agent from access to my
squids......
In the mean time - looks like list compiling :(
Cheers,
Karl
--- Elsen Marc <elsen@imec.be> wrote:
>
>
> >
> > Hi all,
> >
> > I've been seeing users start to tunnel thru my
> squid
> > caches, especially for connecting to IRC servers.
> I
> > get CONNECT lines in my log either going to 6667
> (irc
> > default) or more sneakily, 443. As there are is a
> > sizable number of irc servers my users are
> connecting
> > to, and the fact CONNECT is used for regular https
> > websites, i can't block the method or the
> > hostnames/ip's. I recompiled squid to log
> user-agents,
> > but again, anything coming in on a CONNECT does
> not
> > show up - i thought at least i could identify the
> irc
> > clients and block them with an "browser" ACL.
> >
> > So i guess what i am asking, is there an easier,
> more
> > maintainable way to stop this rather than spending
> day
> > after day compiling ip lists for multiple servers
> -
> > I'm really hoping for a one-liner here.
> >
> > Many thanks in advance,
> >
>
> The default squid.conf will not allow connections
> to 6667;
> in order to have a 'strict' config :
>
> acl SSL_ports port 443
> http_access deny CONNECT !SSL_ports
>
> If you block 443, then valid SSL sites will be
> blocked too;
> and your users will no longer be able to access
> those.
>
> If you want further control on access to malicous
> '443-sites' then you need to make use of access
> controls
> in SQUID (see the FAQ).
>
> M.
>
__________________________________
Do you Yahoo!?
Yahoo! Finance Tax Center - File online. File on time.
http://taxes.yahoo.com/filing.html
Received on Wed Mar 24 2004 - 00:36:56 MST
This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST