Chris Boyd wrote:
I'm trying to block IM's like MSN, Yahoo..etc...etc
I've taken acl's from this list but it doesn't seem to be working.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 4156
acl CONNECT method CONNECT
acl usit src 10.133.0.0/16 10.1.0.0/16
acl ICQ url_regex -i .icq.com
acl MSN req_mime_type ^application/x-msn-messenger$
acl YAHOO url_regex .msg.yahoo.com
acl CHAT url_regex -i webmessenger .webmessenger .messenger.* messenger.yahoo gateway.dll messenger.msn mirc icq.com go.icq miranda-im.org
acl WEBMSN url_regex -i .webmessenger.msn.com
acl EMESS url_regex -i .e-messenger.net .webmessenger.msn.com/* iloveim.com
acl TALK url_regex -i .google.com/talk talk.google.com .google.com/talk* .google.*/talk*
http_access allow manager usit
http_access deny manager
http_access deny !Safe_ports
http_access allow CONNECT
http_access allow localhost
http_access allow usit
^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^
Here all your traffic is allowed. Move this allow line to the bottom
(just above the deny all line), and you will have much better luck.
http_access deny MSN
http_access deny ICQ
http_access deny YAHOO
http_access deny CHAT
http_access deny WEBMSN
http_access deny EMESS
http_access deny TALK
http_access deny all
http://www.squid-cache.org/Doc/FAQ/FAQ-10.html
Chris
