Help Me!! I need block download for extensions HTTP , FTP AND….
-
I think that you should wait answers from other ones. I can't tell how to configure this, but it might need l4 and l7 all together
-
???
There is the possibility of blocking the ftp squid? If you have to make these settings?
-
Squid is an http proxy it will not help you with ftp.
You would need to use something like ftp-proxy, although I don't think that allows file type control.Steve
Edit: Looks like I'm wrong. :-[
Squid does have some ftp features. -
Seeking information on the internet I see many people saying it's possible but have not found how.
I found this site I tried the process but without success
http://www.labtestproject.com/linux_network/step_by_step_enable_ftp_on_squid_proxy_in_linux_fedora_10.html
PfSense does not exist in a way to accomplish this process? -
You cannot block ftp file extensions. Solutions 1: disable default port to any and just open ports 80/443/53. 2: Use traffic shaper to slow down the download.
Hope this help.
jigp
-
Which part of those instructions could you not do?
Are you usign the squid 3 package?Steve
-
Thanks for the replies
Yes I have to block extension and it worked!
I got through the layer 7
I am now with the following difficulty
How to Block UltraSurf program
there is a PAT to include Layer 7 to block?
To block success got to block port 443 but that brings me more trouble than I want -
Just to confirm: you can block ftp download of specific file types with Squid 3?
Ultrasurf is designed to bypass firewalls so it's very difficult to block. It presumably connects to a proxy server using port 443 since that is almost always unblocked for SSL. The connection is encrypted so it's very hard to use layer 7 filtering. Why are you blocking it?
Steve
Edit: The first hit on Google throws up some useful info though.
-
Solutions 1: disable default port to any and just open ports 80/443/53. 2: Use traffic shaper to slow down the download.
Hope this help.
jigp
Do not open any port, including 53.
your network use your local dns and a proxy server.
set access to 53 only from dns server
Create a rule to allow traffic for proxy server port 3128 if you are using squid.
Create a l7 rule to cathc p2p traffic with 1kbps
if you block p2p, the client will try to use your squid. if you limit p2p the client will try to use it.And at squid.conf edit safe ports to allow only ports you know 80,443, etc exlcude the port range 1024-65535
-
Steve thanks for the help
As you know the squid3 not confirmed! The lock so I could do for l7.
About UltraSurf had already read that document but so far the only way I found to be successful in blocking was blocking all networks.
99.224.0.0/11
63.241.6.64/28
63.242.0.0/16
63.240.0.0/15
218.168.0.0/16
125.176.0.0/12
122.118.0.0/16
69.64.144.0/20
211.109.128.0/24
59.120.0.0/14
59.112.0.0/13
97.112.0.0/13
71.192.0.0/12
219.137.112.224/27
203.112.80.0/20
162.138.0.0/16
170.201.0.0/16
156.40.0.0/16
61.224.0.0/14
61.220.0.0/14
59.120.0.0/14
59.112.0.0/13
220.136.0.0/13
220.132.0.0/14
220.130.0.0/15
220.129.0.0/16
118.168.0.0/16
122.120.0.0/13
118.168.0.0/16
122.120.0.0/13
71.208.0.0/12
61.231.0.0/16
218.160.0.0/16
61.62.74.0/24
72.25.64.0/18
66.245.192.0/18
64.62.138.0/25
64.62.128.0/17
125.224.0.0/13Work but is not an efficient method because tomorrow there may be a new network.
