Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need Help about Block Video/Audio Streaming

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 5.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      drunk3n
      last edited by

      Hi everybody,
      Im new user on this site and new on linux.
      We bought a hardware firewall (dansguardian + squid) about 4 years ago. The compony not support for this firewall at the moment. I need to recfg it for some blocks.

      I changed somethinks in squid.conf. Im blocking the streams but, some of ip addresses need to access streams. Also all of ip addressesneed to access bank sites. Im writing but not working. Im working on it about 1 week. Im gonna be crazy. Can anyone help me about this? Thanks for advice.

      Im writing here my squid.conf

      #–----------[ Transparent Proxy ]–----------#
      http_port 3128
      httpd_accel_host virtual
      httpd_accel_port 80
      httpd_accel_with_proxy on
      httpd_accel_uses_host_header on
      #----------[ Transparent Proxy EOF ]–--------#

      visible_hostname ******************

      cache_mgr ****************
      cache_dir ufs /var/spool/squid 1000 16 256
      cache_replacement_policy heap GDSF
      cache_store_log none
      cache_mem 32 MB
      cachemgr_passwd disable all
      store_avg_object_size 8 KB

      minimum_object_size 0 KB
      maximum_object_size 4096 KB
      maximum_object_size_in_memory 8 KB

      fqdncache_size 1024
      memory_replacement_policy lru

      refresh_pattern ^ftp: 1440 20% 10080
      refresh_pattern ^gopher: 1440 0% 1440
      refresh_pattern . 0 20% 4320

      ##################GLOBAL#############################
      acl all src 0.0.0.0/0.0.0.0
      acl manager proto cache_object
      acl localhost src 127.0.0.1/255.255.255.255
      acl novum src 192.168.1.0/24
      acl to_localhost dst 127.0.0.0/8
      acl SSL_ports port 443 563
      acl Safe_ports port 80 21 443 563 70 210 1025-65535
      acl Safe_ports port 280
      acl Safe_ports port 488
      acl Safe_ports port 591
      acl Safe_ports port 777
      acl CONNECT method CONNECT

      acl msnmessenger url_regex -i gateway.dll
      http_access deny msnmessenger

      acl MSN req_mime_type ^application/x-msn-messenger$
      acl MSN req_mime_type ^application/x-msnmsgrp2p$
      acl MSN req_mime_type ^application/x-msnmsgr-sessionreqbody$
      acl MSN req_mime_type ^application/x-msnmsgr-transreqbody$
      http_access deny MSN

      #####################################################
      acl GoodIP src 192.168.1.2
      acl GoodIP src 192.168.1.3

      acl BlockExt url_regex -i .mp3$ .asx$ .wma$ .wmv$ .avi$ .mpeg$ .mpg$ .qt$ .ram$ .rm$ .iso$ .wav$ .exe$

      acl fails rep_mime_type ^.mms.
      acl fails rep_mime_type ^.ms-hdr.
      acl fails rep_mime_type ^.x-fcs.
      acl fails rep_mime_type ^.x-ms-asf.

      acl fails2 urlpath_regex dvrplayer mediastream mms://
      acl fails2 urlpath_regex .asf$ .afx$ .flv$ .swf$ .wmv$ .mp4$ .mp3$ .avi$ .3gp$ .wmf$ .ogg$ .mpg$ .mpeg$

      acl flashvideo rep_mime_type -i video/flv
      acl shockwave rep_mime_type -i ^application/x-shockwave-flash$

      acl wreq1 req_mime_type -i ^application/octet-stream$
      acl wreq2 req_mime_type -i application/octet-stream
      acl wreq3 req_mime_type -i ^application/x-mplayer2$
      acl wreq4 req_mime_type -i application/x-mplayer2
      acl wreq5 req_mime_type -i ^application/x-oleobject$
      acl wreq6 req_mime_type -i application/x-oleobject
      acl wreq7 req_mime_type -i application/x-pncmd
      acl wreq8 req_mime_type -i ^video/x-ms-asf$
      acl wreq9 req_mime_type -i ^video/mpeg4

      acl wrep1 rep_mime_type -i ^application/octet-stream$
      acl wrep2 rep_mime_type -i application/octet-stream
      acl wrep3 rep_mime_type -i ^application/x-mplayer2$
      acl wrep4 rep_mime_type -i application/x-mplayer2
      acl wrep5 rep_mime_type -i ^application/x-oleobject$
      acl wrep6 rep_mime_type -i application/x-oleobject
      acl wrep7 rep_mime_type -i application/x-pncmd
      acl wrep8 rep_mime_type -i ^video/x-ms-asf$
      acl wrep9 rep_mime_type -i ^video/mpeg4

      ##################################################

      http_access deny BlockExt !GoodIP
      http_access deny fails !GoodIP
      http_access deny fails2 !GoodIP
      http_access deny flashvideo !GoodIP
      http_access deny shockwave !GoodIP
      http_access deny wreq1 !GoodIP
      http_access deny wreq2 !GoodIP
      http_access deny wreq3 !GoodIP
      http_access deny wreq4 !GoodIP
      http_access deny wreq5 !GoodIP
      http_access deny wreq6 !GoodIP
      http_access deny wreq7 !GoodIP
      http_access deny wreq8 !GoodIP
      http_access deny wreq9 !GoodIP

      http_reply_access deny fails !GoodIP
      http_reply_access deny fails2 !GoodIP
      http_reply_access deny flashvideo !GoodIP
      http_reply_access deny shockwave !GoodIP
      http_reply_access deny wrep1 !GoodIP
      http_reply_access deny wrep2 !GoodIP
      http_reply_access deny wrep3 !GoodIP
      http_reply_access deny wrep4 !GoodIP
      http_reply_access deny wrep5 !GoodIP
      http_reply_access deny wrep6 !GoodIP
      http_reply_access deny wrep7 !GoodIP
      http_reply_access deny wrep8 !GoodIP
      http_reply_access deny wrep9 !GoodIP

      ###################################################

      http_access allow manager
      http_access allow localhost
      http_access allow novum
      http_access deny to_localhost
      http_access deny manager
      http_access deny !Safe_ports
      http_access deny CONNECT !SSL_ports

      http_access deny all
      icp_access deny all
      icp_port 0

      ftp_user proxy@novum.local
      ftp_list_width 32
      ftp_passive on

      #acl intranet dstdomain atlantisbt.net fox4um.com
      #always_direct allow intranet
      #no_cache deny intranet

      #negative_ttl 5 minutes
      #positive_dns_ttl 6 hours
      #negative_dns_ttl 5 minutes

      miss_access allow all
      forwarded_for off

      #auth_param digest program /usr/local/squid/libexec/digest_pw
      #auth_param digest children 8
      #auth_param digest realm Access to Squid
      #auth_param digest nonce_garbage_interval 10 minutes
      #auth_param digest nonce_max_duration 45 minutes
      #auth_param digest nonce_max_count 100
      #auth_param digest nonce_strictness on
      #acl locallan proxy_auth REQUIRED
      #http_access allow locallan

      header_replace User-Agent Atlantis/V3.2

      ie_refresh on
      #dns_nameservers 193.192.100.100 193.192.100.101 193.192.100.120 193.192.100.121
      hierarchy_stoplist cgi-bin ?

      acl gator dstdomain gator.com
      http_access deny gator

      acl hx dstdomain .hotmail.msn.com
      header_access accept-encoding deny hx

      acl QUERY urlpath_regex cgi-bin ?
      no_cache deny QUERY

      #acl dosyalar url_regex -i .exe$ .ram$ .mov$ .qt$ .mpw$ .rm$ .wav$ .wmv$ .ace$ .rar$ .mp3$ .mpg$ .mpeg$
      #acl calismasaati time MTWHFS 09:00-18:00
      #http_access deny dosyalar calismasaati
      #error_directory /usr/share/squid/errors

      quick_abort_min 3 KB
      quick_abort_max 3 KB
      quick_abort_pct 95
      authenticate_ttl 1 hour
      authenticate_ip_ttl 60 seconds
      half_closed_clients off

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.