Re: [squid-users] Blocking spesific url
Thanks for the reply everyone, I was trying to implement this in my squid.conf but 1) squid fails to restart 2)if it starts, no webpage will load. I even tried to paste only the akamaihd\.net\/battlelog\/background-videos\/ in my “adserver” file as well but no dice. Here is my (working) squid.conf without the acl. http_port 192.168.0.1:3128 transparent #Block acl ads dstdom_regex -i /etc/squid3/adservers http_access deny ads acl LAN src 192.168.0.0/24 http_access allow LAN http_access deny all maximum_object_size 100 MB cache_dir ufs /var/spool/squid3 5000 16 256 And here is the top of my /etc/squid3/adservers file akamaihd\.net\/battlelog\/background-videos\/ — Not working. rd.samsungadhub.com ad.samsungadhub.com http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm$ (^|\.)serving-sys.com tracking.xwebhub.net On 10 Jul 2014, at 16:29, Alexandre arekkusu@gmail.com wrote: My bad. I need to check squid ACL in more detail. I guess squidguard main advantage is speed when dealing with large list of URL then. Alexandre On 10/07/14 14:31, Leonardo Rodrigues wrote: Em 10/07/14 09:04, Alexandre escreveu: Concerning blocking the specific URL. Someone correct me if I am wrong but I don't believe you can not do this with only squid. The squid ACL system can apparently block per domain: http://wiki.squid-cache.org/SquidFaq/SquidAcl Of course you can block specific URLs using only squid ACL options !! # acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path if the URL is: http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm then something like: acl blockedurl url_regex -i akamaihd\.net\/battlelog\/background-videos\/ http_access deny block should do it ! And i not even include the filename which, i imagine, can change between different stages.
Re: [squid-users] Blocking spesific url
On 11/07/2014 7:50 p.m., Andreas Westvik wrote: Thanks for the reply everyone, I was trying to implement this in my squid.conf but 1) squid fails to restart 2)if it starts, no webpage will load. I even tried to paste only the akamaihd\.net\/battlelog\/background-videos\/ in my “adserver” file as well but no dice. Here is my (working) squid.conf without the acl. http_port 192.168.0.1:3128 transparent #Block acl ads dstdom_regex -i /etc/squid3/adservers http_access deny ads Insert *right here* ... acl block url_regex -i akamaihd\.net\/battlelog\/background-videos\/ http_access deny block acl LAN src 192.168.0.0/24 http_access allow LAN http_access deny all maximum_object_size 100 MB cache_dir ufs /var/spool/squid3 5000 16 256 And here is the top of my /etc/squid3/adservers file akamaihd\.net\/battlelog\/background-videos\/ — Not working. rd.samsungadhub.com ad.samsungadhub.com http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm$ (^|\.)serving-sys.com tracking.xwebhub.net Some of these are not domain names. The dstdom_regex ACL type which is using the contents of this file matches against *only* the domain/hostname section of URLs. PS. most of those entries are better matched using dstdomain type ACL. Even serving-sys.com entry is equivalent to .serving-sys.com in dstdomain format. Amos
Re: [squid-users] Blocking spesific url
Finally! :D 192.168.0.20 TCP_DENIED/403 3654 GET http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm - NONE/- text/html Thanks everyone! :) On 11 Jul 2014, at 10:47, Amos Jeffries squ...@treenet.co.nz wrote: On 11/07/2014 7:50 p.m., Andreas Westvik wrote: Thanks for the reply everyone, I was trying to implement this in my squid.conf but 1) squid fails to restart 2)if it starts, no webpage will load. I even tried to paste only the akamaihd\.net\/battlelog\/background-videos\/ in my “adserver” file as well but no dice. Here is my (working) squid.conf without the acl. http_port 192.168.0.1:3128 transparent #Block acl ads dstdom_regex -i /etc/squid3/adservers http_access deny ads Insert *right here* ... acl block url_regex -i akamaihd\.net\/battlelog\/background-videos\/ http_access deny block acl LAN src 192.168.0.0/24 http_access allow LAN http_access deny all maximum_object_size 100 MB cache_dir ufs /var/spool/squid3 5000 16 256 And here is the top of my /etc/squid3/adservers file akamaihd\.net\/battlelog\/background-videos\/ — Not working. rd.samsungadhub.com ad.samsungadhub.com http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm$ (^|\.)serving-sys.com tracking.xwebhub.net Some of these are not domain names. The dstdom_regex ACL type which is using the contents of this file matches against *only* the domain/hostname section of URLs. PS. most of those entries are better matched using dstdomain type ACL. Even serving-sys.com entry is equivalent to .serving-sys.com in dstdomain format. Amos
[squid-users] Blocking spesific url
So this is driving me crazy. Some of my users are playing battlefield 4 and battlefield have this server browsing page that has webm background. Turns of this video downloads every few seconds and that adds up to about 8Gb every day. Here is the url: http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm Now, I dont want to block http://eaassets-a.akamaihd.net/ since updates and such comes from this CDN, and I dont want to block the file webm. And I cant for the life of me figure how to block this spesific url? Google gives me only what I dont want to do. Any pointers? -Andreas
Re: [squid-users] Blocking spesific url
Why don't you cache it? Take a look at: https://redbot.org/?uri=http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm Eliezer On 07/10/2014 10:21 AM, Andreas Westvik wrote: So this is driving me crazy. Some of my users are playing battlefield 4 and battlefield have this server browsing page that has webm background. Turns of this video downloads every few seconds and that adds up to about 8Gb every day. Here is the url:http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm Now, I dont want to blockhttp://eaassets-a.akamaihd.net/ since updates and such comes from this CDN, and I dont want to block the file webm. And I cant for the life of me figure how to block this spesific url? Google gives me only what I dont want to do. Any pointers? -Andreas
Re: [squid-users] Blocking spesific url
I imagine it is not cached because you either don't have caching enabled or the size of the video is larger than the maximum object cache size. This is defined in maximum_object_size (default is 4MB). Increasing this for everything will obviously have some impact. I don't know if you can force squid to cache a particular content (?) Concerning blocking the specific URL. Someone correct me if I am wrong but I don't believe you can not do this with only squid. The squid ACL system can apparently block per domain: http://wiki.squid-cache.org/SquidFaq/SquidAcl What I recommend is to look into a url rewriting (ie. filtering). Squidguard is the one I use and is quite popular. Essentially you install squidguard and setup the config file to the filtering according to your blacklist / whitelist. * http://www.squidguard.org/ Then you need to define squidguard in your squid config as url rewritter: / url_rewrite_program /usr/bin/squidGuard/ Obviously this is a bit of work for just one URL but if you think you will need to block more URL in the future it is the way to go IMO. Squidguard has some performance overhead but I believe it is small even with fairly large list. Alexandre On 10/07/14 09:27, Eliezer Croitoru wrote: Why don't you cache it? Take a look at: https://redbot.org/?uri=http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm Eliezer On 07/10/2014 10:21 AM, Andreas Westvik wrote: So this is driving me crazy. Some of my users are playing battlefield 4 and battlefield have this server browsing page that has webm background. Turns of this video downloads every few seconds and that adds up to about 8Gb every day. Here is the url:http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm Now, I dont want to blockhttp://eaassets-a.akamaihd.net/ since updates and such comes from this CDN, and I dont want to block the file webm. And I cant for the life of me figure how to block this spesific url? Google gives me only what I dont want to do. Any pointers? -Andreas
Re: [squid-users] Blocking spesific url
Em 10/07/14 09:04, Alexandre escreveu: Concerning blocking the specific URL. Someone correct me if I am wrong but I don't believe you can not do this with only squid. The squid ACL system can apparently block per domain: http://wiki.squid-cache.org/SquidFaq/SquidAcl Of course you can block specific URLs using only squid ACL options !! # acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path if the URL is: http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm then something like: acl blockedurl url_regex -i akamaihd\.net\/battlelog\/background-videos\/ http_access deny block should do it ! And i not even include the filename which, i imagine, can change between different stages. -- Atenciosamente / Sincerily, Leonardo Rodrigues Solutti Tecnologia http://www.solutti.com.br Minha armadilha de SPAM, NÃO mandem email gertru...@solutti.com.br My SPAMTRAP, do not email it
Re: [squid-users] Blocking spesific url
My bad. I need to check squid ACL in more detail. I guess squidguard main advantage is speed when dealing with large list of URL then. Alexandre On 10/07/14 14:31, Leonardo Rodrigues wrote: Em 10/07/14 09:04, Alexandre escreveu: Concerning blocking the specific URL. Someone correct me if I am wrong but I don't believe you can not do this with only squid. The squid ACL system can apparently block per domain: http://wiki.squid-cache.org/SquidFaq/SquidAcl Of course you can block specific URLs using only squid ACL options !! # acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path if the URL is: http://eaassets-a.akamaihd.net/battlelog/background-videos/naval-mov.webm then something like: acl blockedurl url_regex -i akamaihd\.net\/battlelog\/background-videos\/ http_access deny block should do it ! And i not even include the filename which, i imagine, can change between different stages.
