Blocking extensions using a urlpath_regex ACL might do the trick better than others. If you block .ram, .ra, .asf and .asx (these are just off the top of my head - I'm sure there's a lot more to be found with a little research) you should be able to stop a lot of streaming stuff. Of course, this will also block streaming video with these extensions as well. Pair that up with a list of domains that serve streaming media (like launch.yahoo.com and windowsmedia.com) and you should stop most of what's out there. If I remember correctly, here's what ours looks like to stop certain downloads and streaming media:
acl extdeny urlpath_regex -i \.mp3$ \.wma$ \.mov$ \.mpg$ \.mpeg$ \.ram$ \.ra$ \.asx$ \.asf$ http_access deny extdeny Hope this helps. Mike -----Original Message----- From: Eric Geater 11/18/03 [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 25, 2003 7:37 AM To: [EMAIL PROTECTED] Subject: [squid-users] Streaming filtering/blocking Good morning, everyone. I use Squid 2.5 Stable on a Mandrake 9.1 Linux box. It has proven itself nicely in the past, but now a gauntlet has been thrown, so to speak. Apparently, one of our users can still stream audio, even though I set up an ACL blocking a few sites. I've been reading a bit, and noticed that one person uses a url_regex command that points to a block.acl, while another person suggests filtering for mime strings. A third has suggested killing ports. I'm going to ask my question differently, however. Is it possible to get a list of mime types, or offending ports, or even a good list of likely extensions? The "block.acl" suggestion is a great one that seems to work (I tested it on blocking "tar" files last night, and it worked), but I know it can't be all-inclusive, and not likely to stop a lot of the offending traffic. Any input is welcome. Thanks! Eric egeater at mscoinc dot com Eric Geater I.T. Representative MSCO, Inc. 731-935-8538 731-431-3742 egeater at mscoinc dot com
