We are trying to block realplayer (audio/video). Turning off RTSP and
Real-Audio services wasn't enough. We found that the new players can
encapsulate in HTTP, bypassing these two services entirely. The suggestion
in phoneboy's site to create a URI filter for *.rm, *.ram, *.ra files works
for the URL's that are direct links to files with these extensions.
However, some sites use links to active server processes, URL paths with
.asp extensions. For these URL's the phoneboy filter alone did not work.
I did some traces with a sniffer and these types of links appear to do gets
and posts to a file with a name of "SmpDsBhgRL". So, combining phoneboy's
suggestion I came up with a wild card filter of "{*/*.{ra,rm,ram},
*.{ra,rm,ram},*/smpdsbhgrl*,smpdsbhgrl*}.
This seems to have worked. The problem is I don't for sure know that those
last two wildcards are unique to the realplayer. I tested it on two
versions of the player on two different machines, from various web-sites
and the activitiy seem consistent.
Does anyone know exactly how this realplayer works and what else needs to
be done to block it.
----------------------------------------------------------------------------------------
Greg Winkler
Systems Manager, IT&S
Huntsman Corporation
Internet Mail: [EMAIL PROTECTED]
Voice: (713) 235-6018
Fax: (713) 235-6890
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
