Hi all, I've been seeing users start to tunnel thru my squid caches, especially for connecting to IRC servers. I get CONNECT lines in my log either going to 6667 (irc default) or more sneakily, 443. As there are is a sizable number of irc servers my users are connecting to, and the fact CONNECT is used for regular https websites, i can't block the method or the hostnames/ip's. I recompiled squid to log user-agents, but again, anything coming in on a CONNECT does not show up - i thought at least i could identify the irc clients and block them with an "browser" ACL.
So i guess what i am asking, is there an easier, more maintainable way to stop this rather than spending day after day compiling ip lists for multiple servers - I'm really hoping for a one-liner here. Many thanks in advance, Karl __________________________________ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html
