
RE: [squid-users] CONNECT issues

Dear all,

 Sorry for the late reply. After further tracking, I
managed to re-check the squid configuration files and
below is the ACL list:

acl SSL_ports port 443 563
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access deny Bad_Domains
http_access deny Bad_Ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow our_networks
http_access allow manager localhost

I purposely did not include the bad_domains ACL
because it is kinda long and would eventually get messed
up when I posted it to the mailing list. I can
confirm that the ACL is correct anyway.

After restarting squid, I viewed the access.log file to
watch for CONNECT strings. Well, this time it is
different though. There is no more TCP_MISS:DIRECT at
the end of the log; instead, I got TCP:DENIED. Does
this mean I am successfully blocking those p2p or
tunneling software?


--- Henrik Nordstrom <hno@xxxxxxxxxxxxxxx> wrote:

> On Mon, 10 Jan 2005, Diamond King wrote:
> 
> > I've checked the configuration file and it seems that only port 443
> > and 563 were connected to SSL_Ports acl rule.
> 
> You then have some error in your http_access rules, allowing things you
> did not intend to allow.
> 
> >>> 192.168.25.220 - - [10/Jan/2005:11:24:38 +0800] "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223 TCP_MISS:DIRECT
> 
> > What's the usage of port 563 anyway?
> 
> nntps, NNTP over SSL. Supported by many browsers and is why it is in the
> default allowed list.
> 
> > By the way, any other way to check what exactly those logs for? is it
> > attempt by kazaa users? Thanks again!
> 
> If you are lucky then a meaningful user-agent string is included.. visible
> if you enable log_mime_hdrs. But most likely this is blank or forged.
> 
> Regards
> Henrik
> 



		
__________________________________ 
Do you Yahoo!? 
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com 
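As an added example (not part of the thread), a small Python model of how squid walks the http_access lines posted above, first match wins, run over the log line quoted in the thread. It assumes our_networks is 192.168.25.0/24 (the client's /24) and treats the omitted Bad_Domains and Bad_Ports ACLs as empty.

```python
import ipaddress
import re
from urllib.parse import urlsplit

PORT_ACLS = {  # port ACLs exactly as listed in the post above
    "SSL_ports": [(443, 443), (563, 563)],
    "Safe_ports": [(80, 80), (21, 21), (443, 443), (563, 563), (70, 70), (210, 210),
                   (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777)],
}
# Assumed: Bad_Domains/Bad_Ports were omitted from the post (empty here); our_networks is the client's /24.
OUR_NETWORKS = [ipaddress.ip_network("192.168.25.0/24")]
HTTP_ACCESS = [  # the posted http_access lines, in their posted order
    ("deny", ["Bad_Domains"]), ("deny", ["Bad_Ports"]), ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]), ("allow", ["localhost"]),
    ("allow", ["our_networks"]), ("allow", ["manager", "localhost"]),
]
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) \S+" \d+ \d+ (\S+)')

def parse_log_line(line):
    """Parse an httpd-style access.log line like the one quoted in the thread."""
    client, method, target, result = LOG_RE.match(line).groups()
    if method == "CONNECT":  # CONNECT carries host:port rather than a URL
        host, port = target.rsplit(":", 1)
    else:  # absolute URL; fall back to the scheme's default port
        u = urlsplit(target)
        host, port = u.hostname, u.port or {"https": 443, "ftp": 21}.get(u.scheme, 80)
    return {"client": client, "method": method, "host": host, "port": int(port), "result": result}

def acl_matches(acl, req):
    if acl.startswith("!"):
        return not acl_matches(acl[1:], req)
    if acl in PORT_ACLS:
        return any(lo <= req["port"] <= hi for lo, hi in PORT_ACLS[acl])
    checks = {"CONNECT": req["method"] == "CONNECT",
              "localhost": req["client"] == "127.0.0.1",
              "our_networks": any(ipaddress.ip_address(req["client"]) in n for n in OUR_NETWORKS)}
    # manager (cache_object:// URLs) and the omitted Bad_* ACLs are treated as non-matching
    return checks.get(acl, False)

def http_access(req):
    """First matching line wins; a line matches only if every ACL on it matches."""
    for action, acls in HTTP_ACCESS:
        if all(acl_matches(a, req) for a in acls):
            return action
    return "deny" if HTTP_ACCESS[-1][0] == "allow" else "allow"  # squid's implicit default

SAMPLE_LOG = [  # constructed sample: the thread's own log line plus a made-up CONNECT to port 443
    '192.168.25.220 - - [10/Jan/2005:11:24:38 +0800] "CONNECT 213.103.81.214:3518 HTTP/1.0" 200 223 TCP_MISS:DIRECT',
    '192.168.25.220 - - [10/Jan/2005:11:30:02 +0800] "CONNECT www.example.com:443 HTTP/1.0" 200 1450 TCP_MISS:DIRECT',
]
```

With the posted rules, `http_access(parse_log_line(SAMPLE_LOG[0]))` returns "deny" (the CONNECT to port 3518 is caught by `deny CONNECT !SSL_ports`, consistent with the denied entries now seen in the log), while the CONNECT to port 443 is allowed through `allow our_networks`.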
