Search squid archive

simplest way to block (and drop) 1 'user'(computer) using 1 specific 'URL' ??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 







I purchased a little toaster-sized HP home-server that I haven't fully made
use of, but that does have an annoying feature.  It's **constantly** sending
messages to a ms-server.  Maybe it's some sort of I'm alive pulse, but it's
annoyingly filling up my squidlog, and always using up/interrupting normal traffic bin __minor__ amounts as it constantly does an HTTP version of
a ping that runs *almost* all the time.

Here's a snipped from a 'cooked' log format I use to give me a quick view into what's going w/squid: +0.19 182ms; ln=1579 (8.5K/8.4K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ] +0.18 173ms; ln=1579 (8.9K/8.9K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ] +0.17 164ms; ln=1579 (9.4K/9.3K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ] +0.20 191ms; ln=1579 (8.1K/8.0K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ] +0.15 145ms; ln=1579 (10.6K/10.5K) TCP_MISS/403 <Home-Server [POST http://sqm.microsoft.com/sqm/Windows/sqmserver.dll - HIER_DIRECT/sqm.microsoft.com text/html ]
-------

It just keeps going this -- occasionally it will stop for a few minutes, but most of the time it's doing these little several-K requests. Is there an easy way in squid to say "if requester='home-server' and request address = 'http://sqm.microsoft.com/sqm/Windows/sqmserver.dll', then DROP the request (and issue nothing in the log).

There are more crude methods of shutting up, like one time, since it is going through the proxy-server to get to the outside world, I just threw in an ipchains rule to ignore it altogether. Fast, but a bit crude. I don't want to cut off all internet access -- just that one, constant droning request that just goes on and on...(filling logs, but most of all, always reducing my full bandwidth)...

What a pain in the butt!

Talk about products that 'phone home'....This one whines to home about 5 times/second! LAME!

I currently have no other filtering going on in my squid files, so I'm not really sure where to start. Do I need to write an external helper and filter all traffic through it? That sounds like overkill -- and I'd really not wish to slow down traffic from other stations -- I already get too many 'sorry but your browser is configured to use a proxy which is not responding' messages, now, as it is -- and ***I'M THE ONLY USER!!!***... (very sad when 1 user can overwhelm a proxy server designed to handle hundreds (if not thousands) of users... But that's question for another day (like after I've pulled the latest source and tried it to see if it is fixed...;-))....


Thanks!

Linda Walsh



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux