Joerg Schuetter escribió:
On Wed, 27 Jun 2007 09:19:46 +0800
Adrian Chadd <adrian@xxxxxxxxxxxxxxx> wrote:
On Tue, Jun 26, 2007, Andreas Pettersson wrote:
Adrian Chadd wrote:
People keep asking about how to block IM in Squid; would
anyone like to kick up some ACLs that they use to block IM
ICQ? MSN? Windows Messenger? AOL? Skype? Jabber? IRC? Sametime?
Or http://webmessenger.msn.com/ or http://talk.google.com/ ?
My question is just as vague as the various questions people ask
about "blocking IM". Hence why I'd like to arrange a Wiki article
about it!
This is how we block IM to msn, but leafe the connection open to
"normal" web-pages on msn.
acl msn_req req_mime_type application/x-msn-messenger
acl msn_rep rep_mime_type application/x-msn-messenger
http_access deny mynetwork msn_req
http_reply_access deny mynetwork msn_rep
We have the above directives to block MSN plus the below to block skype.
acl CONNECT method CONNECT
acl skype url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
deny_info ERR_CLIENT_HTTPS2IP_DENIED skype
http_access deny CONNECT skype
This paper give some slightly explanation
http://packetstormsecurity.org/papers/general/BlockingSkype-rootn0de2005.pdf
As Matus pointed in a previous mail, to block IM with squid all IM
traffic must be (re)directed to squid so MSN, Jabber and GTalk clients
should have the proxy connections configured. In the case of MSN client
is not needed because catch the IE proxy configuration.
To block correctly the IM in a network it depends a lot of the network
architecture.
Thanks
Emilio C.