RE: [squid-users] stoppin Torrent file download

From: Vishal Agarwal <vishal_at_norpknit.com>
Date: Wed, 21 Mar 2012 10:16:50 +0600

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Tuesday, March 20, 2012 7:18 PM
To: squid-users_at_squid-cache.org
Subject: Re: [squid-users] stoppin Torrent file download

On 20/03/2012 9:14 p.m., Vishal Agarwal wrote:
> Hi,
>
> Pl advise if some user want to download ".torrent" file. He should get
> downloaded my own created file, already stored in my server.
>
> Thanks/regards,
> Vishal Agarwal
>
> I am not able to use "deny_info" for my custome defined messages.

That is the best way, but only works in squid-3.2.

Alternatively, you can use url_rewrite system to redirect the .torrent
URL to a web server where you host your own file.

Amos
---------------------------------------
Hi Amos,
Thanks for your reply.

When I enable the deny_info, The squid crash. And I need to change the conf
as earlier and then have to work without custom message.

Pl find the squid conf below :
######################################
visible_hostname mail2.norpknit.com
cache_dir ufs /var/spool/squid3 10000 32 256
#cache_access_log none
http_port 192.168.7.1:8080 transparent

logformat common %>A %ui %un [%tl] "%rm %ru" %Hs %<st %Ss:%Sh
access_log /var/log/squid3/access.log common
cache_access_log none
#logformat common %>a %ul [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
#logformat NewFormat %>A %ul [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#acl all src 0/0
acl norpnet src 192.168.7.0/24 # Norpknit localLan

acl allowed_ip_group01 src "/etc/squid3/allowed_ip_group01" # Managers
acl allowed_ip_group02 src "/etc/squid3/allowed_ip_group02" # Executives
acl allowed_ip_group03 src "/etc/squid3/allowed_ip_group03" # Officers
acl allowed_ip_group04 src "/etc/squid3/allowed_ip_group04" # Others
acl allowed_ip_group05 src "/etc/squid3/allowed_ip_group05" # Guest

acl buyer_website dst underarmour.com # Underarmour Website Allowed
acl ebl_bank dst ebl-bd.com # Bank website

acl blocked_domain dstdomain "/etc/squid3/blocked_domain"
acl blockedext url_regex -i "/etc/squid3/FileExt"
acl Totally_Not_Allowed url_regex -i "/etc/squid3/totally_not_allowed"
acl allowed_domain dstdomain "/etc/squid3/allowed_domain"
acl morning_hour time S M T W H F A 00:00-09:00
acl lunch_hour time S M T W H F A 13:00-14:00
acl evening_hour time S M T W H F A 18:00-24:00

acl SSL_ports port 443
acl SSL_ports port 587 # gmail
acl SSL_ports port 873 # rsync
acl SSL_ports port 4443 # Eastern Bank
acl SSL_ports port 2443 # Iceweb
acl SSL_ports port 3067 # GAP
acl Safe_ports port 4443 # Eastern Bank Limited
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-10000 # unregistered ports
acl Safe_ports port 10001-20000 # unregistered ports
acl Safe_ports port 20001-30000 # unregistered ports
acl Safe_ports port 30001-40000 # unregistered ports
acl Safe_ports port 40001-50000 # unregistered ports
acl Safe_ports port 50001-60000 # unregistered ports
acl Safe_ports port 60001-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl PURGE method PURGE
acl CONNECT method CONNECT
http_access deny Totally_Not_Allowed
http_access deny !allowed_ip_group01 blockedext
http_access deny !Safe_ports
http_access allow manager
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow to_localhost
http_access allow buyer_website
http_access allow ebl_bank

#http_access deny manager

#http_access allow norpnet allowed_domain # Common Domain access allowed
#http_access deny blocked_domain !allowed_ip_group01 !allowed_ip_group02
!allowed_ip_group03
http_access allow allowed_ip_group01 blockedext
        
deny_info ERR_ACCESS_DENIED_TORRENT blockedext
#http_access allow allowed_ip_group01
http_access allow allowed_ip_group02
http_access allow allowed_ip_group03
http_access allow allowed_ip_group04
http_access allow allowed_ip_group05

http_access allow norpnet
# allowed_domain

http_access deny !allowed_ip_group01
http_access deny !allowed_ip_group02
http_access deny !allowed_ip_group03
http_access deny !allowed_ip_group04
http_access deny !allowed_ip_group05
#http_access deny norpnet
http_access allow localhost
http_access allow to_localhost
http_access allow PURGE
http_access deny PURGE
http_access allow all
http_access deny all
icp_access deny all
#htcp_access deny all
hierarchy_stoplist cgi-bin ?
#access_log /var/log/squid3/access.log common
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
icp_port 3130
coredump_dir /var/spool/squid3
emulate_httpd_log on
positive_dns_ttl 2 minute
negative_dns_ttl 2 minute
connect_timeout 5 minute
read_timeout 2 minute
#siteselect_timeout 2 minute
request_timeout 5 minute
half_closed_clients off
cache_store_log none
ident_lookup_access allow CONNECT
cache deny blocked_domain blockedext Totally_Not_Allowed CONNECT
dns_nameservers 8.8.8.8 8.8.4.4
delay_pools 1
delay_class 1 2
delay_parameters 1 45000/60000 -1/-1
delay_access 1 deny norpnet !allowed_ip_group01 !allowed_ip_group02
!allowed_ip_group03 !buyer_website !ebl_bank
delay_access 1 allow all

##################################

Deny Info File

##################################################
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>ERROR: The requested URL could not be retrieved</title>
<style type="text/css">
<!-- %l body :lang(fa) { direction: rtl; font-size: 100%; font-family:
Tahoma, Roya, sans-serif; float: right; } :lang(he)

{ direction: rtl; float: right; } -->
</style>
</head>
<body>
<div id="titles">
<h1>ERROR</h1>
<h2>This File is blocked as per IT Policy</h2>
</div> <hr>
<div id="content">
<p>The following error was encountered while trying to retrieve the URL:
<a href="%U">%U</a>
</p> <blockquote id="error"> <p>
<b>Torrents Download is not allowed</b>
</p>
</blockquote>
<p>You are not allowed to download this file. This case will be reported to
<b>IT Dept.</b></p>
<p>In case you feel you want to download this file in anycase, Then inform
to <a href="mailto:support_at_norpknit.com">Support

</a>.</p>
<br>
</div>
<hr>
<div id="footer">
<p><b>IT Dept. <br>
Norpknit Industries Ltd.
</b></p> <!-- %c -->
</div>
</body>
</html>

###########################################3
Received on Wed Mar 21 2012 - 04:16:51 MDT

This archive was generated by hypermail 2.2.0 : Wed Mar 21 2012 - 12:00:03 MDT