Hi Marc,

Thanks for your comments, I fully understand your suggestions - and have indeed implemented the same for other services. As I have a large number of squid-caches to maintain (around 11) with requests coming from different user classes, it will be a constant task for me to target irc servers and keep the denied sites list up to date. I was more looking for a way to identify a user-agent as "not a browser" and then block that user-agent from access to my squids...... In the mean time - looks like list compiling :(

Cheers,
Karl

--- Elsen Marc <[EMAIL PROTECTED]> wrote:
> > Hi all,
> >
> > I've been seeing users start to tunnel thru my squid
> > caches, especially for connecting to IRC servers. I
> > get CONNECT lines in my log either going to 6667 (irc
> > default) or more sneakily, 443. As there is a
> > sizable number of irc servers my users are connecting
> > to, and the fact CONNECT is used for regular https
> > websites, I can't block the method or the
> > hostnames/ip's. I recompiled squid to log user-agents,
> > but again, anything coming in on a CONNECT does not
> > show up - I thought at least I could identify the irc
> > clients and block them with a "browser" ACL.
> >
> > So I guess what I am asking, is there an easier, more
> > maintainable way to stop this rather than spending day
> > after day compiling ip lists for multiple servers -
> > I'm really hoping for a one-liner here.
> >
> > Many thanks in advance,
>
> The default squid.conf will not allow connections to 6667;
> in order to have a 'strict' config :
>
> acl SSL_ports port 443
> http_access deny CONNECT !SSL_ports
>
> If you block 443, then valid SSL sites will be blocked too;
> and your users will no longer be able to access those.
>
> If you want further control on access to malicious
> '443-sites' then you need to make use of access controls
> in SQUID (see the FAQ).
>
> M.
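An added example, not part of the original thread: a small parser that tallies allowed CONNECT tunnels from a Squid access.log, separating ports outside SSL_ports (which the quoted rule would deny) from per-destination counts on 443 that still need review for a deny list. It assumes Squid's native log format; the log lines, hostnames and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in Squid's native access.log format (not from the thread).
SAMPLE_LOG = """\
1081500001.120    310 10.0.0.21 TCP_MISS/200 4312 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1081500002.450 612034 10.0.0.37 TCP_MISS/200 88110 CONNECT irc.example.net:6667 - DIRECT/192.0.2.66 -
1081500003.900     95 10.0.0.21 TCP_MISS/200 1720 GET http://www.example.org/ - DIRECT/192.0.2.80 text/html
1081500004.010 598877 10.0.0.37 TCP_MISS/200 70233 CONNECT irc.example.net:443 - DIRECT/192.0.2.66 -
1081500005.300      2 10.0.0.44 TCP_DENIED/403 1401 CONNECT irc2.example.net:6667 - NONE/- text/html
"""

SSL_PORTS = {443}  # mirrors "acl SSL_ports port 443" from the quoted reply

# time elapsed client result/status bytes method URL ...
LINE_RE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)"
)

def parse_connects(log_text):
    """Yield (client, host, port, result) for every CONNECT line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        # For CONNECT the URL field is "host:port"
        host, _, port = m["url"].rpartition(":")
        if not host or not port.isdigit():
            continue
        yield m["client"], host, int(port), m["result"]

def summarize(log_text, ssl_ports=SSL_PORTS):
    """Return (off_port, on_port) counters for CONNECTs that were not denied."""
    off_port = Counter()  # (client, host, port) outside SSL_ports
    on_port = Counter()   # destination host on an SSL port
    for client, host, port, result in parse_connects(log_text):
        if result == "TCP_DENIED":
            continue  # already blocked by an existing rule
        if port in ssl_ports:
            on_port[host] += 1
        else:
            off_port[(client, host, port)] += 1
    return off_port, on_port

if __name__ == "__main__":
    off, on = summarize(SAMPLE_LOG)
    print("CONNECT to non-SSL ports:", dict(off))
    print("CONNECT destinations on SSL ports:", dict(on))
```

A non-empty first counter means the proxy is still allowing CONNECT to ports outside SSL_ports; the second is the list of 443 destinations to review by hand.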
