Honestly the easiest technical fix is to deny access at the firewall or squid acl to the paid proxy site. Best long term fix is an enforced security policy (I think I might be too optimistic). On Tue, Jan 12, 2010 at 6:56 AM, Roland Roland <R_O_L_A_N_D@xxxxxxxxxxx> wrote: > i have the following config set to allow msn messenger to connect through my > squid. > > acl msnport port 1863 > http_access allow connect msnport > http_access allow msnport > > i have a security breach where one of the users may be using port 1863 to > reach a paid proxy that he acquired. > is there a way to allow port 1863 to only work with msn messenger > destinations? i've already denied access to that domain and warned the user > but i want a more permanent solution > the simplest way possible is to do an AND access rule with msn's domains but > there's a vast list of domains that should be added and i dont have them > all.. > so is there another way ? > > PS: i'm using ADIUM client to connect to msn so when using msn's mime type > its not working not sure why... > > >