Need Help about Block Video/Audio Streaming
-
Hi everybody,
Im new user on this site and new on linux.
We bought a hardware firewall (dansguardian + squid) about 4 years ago. The compony not support for this firewall at the moment. I need to recfg it for some blocks.I changed somethinks in squid.conf. Im blocking the streams but, some of ip addresses need to access streams. Also all of ip addressesneed to access bank sites. Im writing but not working. Im working on it about 1 week. Im gonna be crazy. Can anyone help me about this? Thanks for advice.
Im writing here my squid.conf
#–----------[ Transparent Proxy ]–----------#
http_port 3128
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#----------[ Transparent Proxy EOF ]–--------#visible_hostname ******************
cache_mgr ****************
cache_dir ufs /var/spool/squid 1000 16 256
cache_replacement_policy heap GDSF
cache_store_log none
cache_mem 32 MB
cachemgr_passwd disable all
store_avg_object_size 8 KBminimum_object_size 0 KB
maximum_object_size 4096 KB
maximum_object_size_in_memory 8 KBfqdncache_size 1024
memory_replacement_policy lrurefresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320##################GLOBAL#############################
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl novum src 192.168.1.0/24
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECTacl msnmessenger url_regex -i gateway.dll
http_access deny msnmessengeracl MSN req_mime_type ^application/x-msn-messenger$
acl MSN req_mime_type ^application/x-msnmsgrp2p$
acl MSN req_mime_type ^application/x-msnmsgr-sessionreqbody$
acl MSN req_mime_type ^application/x-msnmsgr-transreqbody$
http_access deny MSN#####################################################
acl GoodIP src 192.168.1.2
acl GoodIP src 192.168.1.3acl BlockExt url_regex -i .mp3$ .asx$ .wma$ .wmv$ .avi$ .mpeg$ .mpg$ .qt$ .ram$ .rm$ .iso$ .wav$ .exe$
acl fails rep_mime_type ^.mms.
acl fails rep_mime_type ^.ms-hdr.
acl fails rep_mime_type ^.x-fcs.
acl fails rep_mime_type ^.x-ms-asf.acl fails2 urlpath_regex dvrplayer mediastream mms://
acl fails2 urlpath_regex .asf$ .afx$ .flv$ .swf$ .wmv$ .mp4$ .mp3$ .avi$ .3gp$ .wmf$ .ogg$ .mpg$ .mpeg$acl flashvideo rep_mime_type -i video/flv
acl shockwave rep_mime_type -i ^application/x-shockwave-flash$acl wreq1 req_mime_type -i ^application/octet-stream$
acl wreq2 req_mime_type -i application/octet-stream
acl wreq3 req_mime_type -i ^application/x-mplayer2$
acl wreq4 req_mime_type -i application/x-mplayer2
acl wreq5 req_mime_type -i ^application/x-oleobject$
acl wreq6 req_mime_type -i application/x-oleobject
acl wreq7 req_mime_type -i application/x-pncmd
acl wreq8 req_mime_type -i ^video/x-ms-asf$
acl wreq9 req_mime_type -i ^video/mpeg4acl wrep1 rep_mime_type -i ^application/octet-stream$
acl wrep2 rep_mime_type -i application/octet-stream
acl wrep3 rep_mime_type -i ^application/x-mplayer2$
acl wrep4 rep_mime_type -i application/x-mplayer2
acl wrep5 rep_mime_type -i ^application/x-oleobject$
acl wrep6 rep_mime_type -i application/x-oleobject
acl wrep7 rep_mime_type -i application/x-pncmd
acl wrep8 rep_mime_type -i ^video/x-ms-asf$
acl wrep9 rep_mime_type -i ^video/mpeg4##################################################
http_access deny BlockExt !GoodIP
http_access deny fails !GoodIP
http_access deny fails2 !GoodIP
http_access deny flashvideo !GoodIP
http_access deny shockwave !GoodIP
http_access deny wreq1 !GoodIP
http_access deny wreq2 !GoodIP
http_access deny wreq3 !GoodIP
http_access deny wreq4 !GoodIP
http_access deny wreq5 !GoodIP
http_access deny wreq6 !GoodIP
http_access deny wreq7 !GoodIP
http_access deny wreq8 !GoodIP
http_access deny wreq9 !GoodIPhttp_reply_access deny fails !GoodIP
http_reply_access deny fails2 !GoodIP
http_reply_access deny flashvideo !GoodIP
http_reply_access deny shockwave !GoodIP
http_reply_access deny wrep1 !GoodIP
http_reply_access deny wrep2 !GoodIP
http_reply_access deny wrep3 !GoodIP
http_reply_access deny wrep4 !GoodIP
http_reply_access deny wrep5 !GoodIP
http_reply_access deny wrep6 !GoodIP
http_reply_access deny wrep7 !GoodIP
http_reply_access deny wrep8 !GoodIP
http_reply_access deny wrep9 !GoodIP###################################################
http_access allow manager
http_access allow localhost
http_access allow novum
http_access deny to_localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_portshttp_access deny all
icp_access deny all
icp_port 0ftp_user proxy@novum.local
ftp_list_width 32
ftp_passive on#acl intranet dstdomain atlantisbt.net fox4um.com
#always_direct allow intranet
#no_cache deny intranet#negative_ttl 5 minutes
#positive_dns_ttl 6 hours
#negative_dns_ttl 5 minutesmiss_access allow all
forwarded_for off#auth_param digest program /usr/local/squid/libexec/digest_pw
#auth_param digest children 8
#auth_param digest realm Access to Squid
#auth_param digest nonce_garbage_interval 10 minutes
#auth_param digest nonce_max_duration 45 minutes
#auth_param digest nonce_max_count 100
#auth_param digest nonce_strictness on
#acl locallan proxy_auth REQUIRED
#http_access allow locallanheader_replace User-Agent Atlantis/V3.2
ie_refresh on
#dns_nameservers 193.192.100.100 193.192.100.101 193.192.100.120 193.192.100.121
hierarchy_stoplist cgi-bin ?acl gator dstdomain gator.com
http_access deny gatoracl hx dstdomain .hotmail.msn.com
header_access accept-encoding deny hxacl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY#acl dosyalar url_regex -i .exe$ .ram$ .mov$ .qt$ .mpw$ .rm$ .wav$ .wmv$ .ace$ .rar$ .mp3$ .mpg$ .mpeg$
#acl calismasaati time MTWHFS 09:00-18:00
#http_access deny dosyalar calismasaati
#error_directory /usr/share/squid/errorsquick_abort_min 3 KB
quick_abort_max 3 KB
quick_abort_pct 95
authenticate_ttl 1 hour
authenticate_ip_ttl 60 seconds
half_closed_clients off