I'll try and get the http request and http header, however blocking by port isn't an option. This is a transparent cache, only capturing what is intended for port 80, therefore any "safe_ports" acl would be useless, or denying access to ALL port 80 webservers ;-(

B.

On Thu, 2005-03-03 at 02:41, Kevin wrote:
>
> B.G. Bruce wrote:
>
> > I have a transparent squid cache 2.5.8+patches(pre9) and would like to
> > stop the p2p traffic running through it. Does anyone have any ideas on
> > how to do this? ACL's based on user agent? I'm already using the
> > iptables patches (p2p) and have tried l7-filter, however it appears
> > (V1.0) to have a memory allocation issue as it keeps using up all memory
> > in the box (1G) and eventually killing the fw. Primarily it is FASTRACK
> > and GNUTELLA that need to be stopped.
>
> Can you share a capture of a FASTRACK or GNUTELLA session through
> the squid proxy, at least through the initial HTTP request and HTTP headers?
>
> You might be able to cripple p2p by using a safe_ports ACL to only permit
> legitimate HTTP server ports, deny all other destination ports. Even just
> blocking traffic towards TCP/6346 would be a good start.
>
> Alternately, why not just log all connections, post-process the log data to find
> egregious violation of the published network policy, and then take steps to
> evict the non-compliant users/hosts from the network?
>
>
> On Thu, 03 Mar 2005 09:19:42 +0300, Ronny <ronny@xxxxxxxxxxxxxx> wrote:
> > Well from squid definition I don't think you will be able to stop p2p
> > programs. You need a more intelligent program or hardware to do that. I
> > didn't say squid isn't intelligent besides I survive on it.
>
> I'd use the term "sophisticated", or perhaps even "complicated", given that
> more complex is not always better.
>
> For example, you could use something like an inline IPS (snort inline,
> ngrep with some scripting, etc) to look for and terminate sessions
> containing the string "GNUTELLA CONNECT/", but that solution has its own
> problems...
>
> Kevin Kadow
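As an added illustration of Kevin's "log all connections, post-process the log data" suggestion (this is not code from the squid-users thread or from the Squid project), the script below reviews Squid native-format access.log lines and reports clients whose requests look like p2p traffic. The two heuristics it uses are the ones named in the thread: a request carrying the "GNUTELLA CONNECT/" handshake string, and a destination port outside a short allow-list (TCP/6346 called out separately). The sample log lines, the allow-list, the report threshold and the assumption that a rejected Gnutella handshake appears in the log at all are constructed for the example; check them against what your own Squid version actually writes.

```python
"""Post-process Squid native access.log lines to flag likely p2p clients.

Added example for the squid-users thread above, written from the defender's
side: log review, not blocking. The log lines, heuristics and thresholds are
assumptions for illustration, not Squid's own behaviour.
"""
from collections import Counter
from urllib.parse import urlsplit

# Ports a legitimate HTTP server is expected to answer on (assumption).
ALLOWED_PORTS = {80, 443, 8080}
# Handshake string named in the thread, matched against the logged request.
GNUTELLA_MARKER = "GNUTELLA CONNECT/"
# Well-known Gnutella port mentioned in the thread.
GNUTELLA_PORT = 6346

# Constructed sample lines in Squid native log format:
# timestamp elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1109834400.123 45 192.168.1.10 TCP_MISS/200 1234 GET http://www.example.com/ - DIRECT/192.0.2.1 text/html
1109834401.456 12 192.168.1.10 TCP_HIT/200 5678 GET http://www.example.com/style.css - NONE/- text/css
1109834402.789 3 192.168.1.20 NONE/400 0 GNUTELLA CONNECT/0.6 - NONE/- -
1109834403.001 9 192.168.1.20 TCP_MISS/200 800 GET http://peer.example.net:6346/uri-res/N2R?urn:sha1:AAAA - DIRECT/198.51.100.7 application/octet-stream
1109834404.222 7 192.168.1.20 TCP_MISS/200 640 GET http://peer2.example.net:6346/get/12/file.mp3 - DIRECT/198.51.100.8 audio/mpeg
1109834405.333 30 192.168.1.30 TCP_MISS/200 2048 GET http://mail.example.org/inbox - DIRECT/203.0.113.9 text/html
"""


def parse_line(line):
    """Split one native-format line into the fields we need; None if malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    return {
        "client": fields[2],
        "method": fields[5],
        "url": fields[6],
        # The request line as Squid logged it, e.g. "GET http://..." or
        # "GNUTELLA CONNECT/0.6" (assumed shape for a rejected handshake).
        "request": fields[5] + " " + fields[6],
    }


def destination_port(url):
    """Return the TCP port implied by a logged URL, or None if it is not a URL."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    if parts.port is not None:
        return parts.port
    return {"http": 80, "https": 443}.get(parts.scheme)


def classify(entry):
    """Return the list of policy reasons a single log entry triggers."""
    reasons = []
    if GNUTELLA_MARKER in entry["request"]:
        reasons.append("gnutella-handshake")
    port = destination_port(entry["url"])
    if port is not None and port not in ALLOWED_PORTS:
        reasons.append("gnutella-port" if port == GNUTELLA_PORT else "non-http-port")
    return reasons


def find_violators(log_text, threshold=2):
    """Map client -> Counter of reasons for clients at or above the threshold."""
    per_client = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # skip blank or truncated lines rather than crashing
        for reason in classify(entry):
            per_client.setdefault(entry["client"], Counter())[reason] += 1
    return {c: hits for c, hits in per_client.items() if sum(hits.values()) >= threshold}


if __name__ == "__main__":
    for client, hits in sorted(find_violators(SAMPLE_LOG).items()):
        detail = ", ".join(f"{k}={v}" for k, v in sorted(hits.items()))
        print(f"{client}: {detail}")
```

Run it against a real file with `find_violators(open("/var/log/squid/access.log").read())`; the threshold keeps a single stray request from naming a host, which matters because the "evict the non-compliant users" step in the thread is a policy action and should rest on a pattern, not one log line. Note that on the transparent setup B. describes, everything the cache sees is already destined for port 80, so only the handshake heuristic will ever fire there; the port check is for proxies that see all client ports.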