It seems that I am observing now, 90% of torrent downloads are not connecting... I guess I would try several days, if these active connecting torrent can actually connect... This is somewhat useful as of now on my opinion, it cuts down torrent access... -----Original Message----- From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] Sent: Tuesday, October 23, 2007 3:22 PM To: SSCR Internet Admin Cc: squid-users@xxxxxxxxxxxxxxx Subject: Re: For admins that wanted to stop torrent downloads SSCR Internet Admin wrote: > Hi, > > I am experimenting on how to stop torrent downloads, but when a torrent > client already established a connection, it don't drop the packets at all. > I hope someone could share a thought or two about my approach.... > > 1. Run squid on transparent mode > 2. I run this iptables command... > > #Reroute all ports to port 3128 > $IPT -t nat -I PREROUTING -i $INT -p tcp --dport 80 -j DNAT --to > 192.168.100.1:3128 Target to use is REDIRECT not DNAT. Or on systems with appropriately patched kernel TPROXY target is available. <snip remaining list of ports> > > 4. I have found this logs on cache.log > > 2007/10/23 13:47:42| parseHttpRequest: Requestheader contains NULL > characters > 2007/10/23 13:47:42| parseHttpRequest: Unsupported method 'BitTorrent' > 2007/10/23 13:47:42| clientReadRequest: FD 137 (192.168.100.61:3907) Invalid > Request > 2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL > characters > 2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent' > 2007/10/23 13:47:43| clientReadRequest: FD 89 (192.168.100.61:3908) Invalid > Request > 2007/10/23 13:47:43| parseHttpRequest: Requestheader contains NULL > characters > 2007/10/23 13:47:43| parseHttpRequest: Unsupported method 'BitTorrent' > 2007/10/23 13:47:43| clientReadRequest: FD 152 (192.168.100.61:3909) Invalid > > > I don't know if these experiment also exist, but it's a good way, maybe > someone could make a patch that blocks torrents or p2p apps based on the > cache.log results. > Better yet. The dev team is looking for somebody interested in adding full Torrent support to squid. That would entail adding settings and ACL to configure access/denial properly. Amos -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. __________ NOD32 2608 (20071023) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com __________ NOD32 2608 (20071023) Information __________ This message was checked by NOD32 antivirus system. http://www.eset.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
