> -----Original Message----- > From: Maxx Christopher Lobo [mailto:maxx@xxxxxxxxxxxxx] > Sent: Wednesday, February 09, 2005 3:55 PM > To: squid-users@xxxxxxxxxxxxxxx > Subject: RE: [squid-users] Port based ACLs for Squid setup with upstream > proxying to Surfingate's Finjan- > > > Chris: > > Thanks for the suggestion - I added the port based ACL to the > always_direct list, and my new squid.conf is included below. > > I've tested the veracity of the port based ACL, using an FTP client - > where previously the FTP connection would be shunted to FinJAN, now > squid passes it through itself - which is exactly what I was hoping for. > > And unfortunately that isn't the end of the problem. Windows Media > Player streams (non-port 80) are still having the same issue as before - > the stream is able to connect, and it says 'playing', but no audio > actually plays. (I've obviously eliminated the basic issues like sound > card not working and so on ;-)) > When the IP based ACL is used, this problem disappears, and the PC is > able to play the stream without a problem. > > Is there something else I'm missing? > > ## Begin squid.conf > # > acl Web_ports 80 > acl SSL_ports 443 563 > acl Media_ports 554 1755 > acl Safe_ports port 20 21 70 210 1025-65535 > acl CONNECT method CONNECT GET POST PROPFIND HEAD > # > acl dns-Local dstdomain .xyz.com > acl IT_PCS src 192.168.0.1 192.168.0.5 192.168.0.25 > acl all src 0.0.0.0/0.0.0.0 > # > http_access allow localhost > http_access allow Web_ports > http_access allow SSL_ports > http_access allow Media_ports > http_access deny !Safe_ports > http_access deny CONNECT > http_access deny all > # > cache_peer finjan.xyz.com parent 5150 0 no-query default > always_direct allow dns-Local > always_direct allow IT_PCS > always_direct allow SSL_ports > always_direct allow Media_ports > always_direct allow Safe_ports > never_direct allow all > # > ## End squid.conf > > ---Maxx I imagine that the stream is being set up over port 80 (and is therefore being set up through the Finjan). A little searching through the email archives finds someone who was looking to block WMP. That should help... So try this: acl media_mime req_mime_type -i ^video/x-ms-asf$ acl media_mime req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$ acl media_mime req_mime_type -i ^application/x-mms-framed$ acl WMP browser Windows-Media-Player/* always_direct allow media_mime WMP In theory (I love that phrase) this should allow Windows Media Player to directly make requests for Windows media types. Chris