How to block msn messenger



  • Hello Dear All,

    I need block msn messenger on local area.I research on forum.pfsense.org

    I block 1863 port and msn access to 80,443 ...
    I use squid proxy server, add to "Custom Options" on http://wiki.squid-cache.org/ConfigExamples/Chat/MsnMessenger

    acl msn url_regex -i gateway.dll;acl msnd dstdomain messenger.msn.com;gateway.messenger.hotmail.com;acl msn1 req_mime_type ^application/x-msn-messenger$;http_access deny msnd;http_access deny msn;http_access deny msn1;

    but dont block msn. My squid.conf attach in meail.
    How to block msn messenger with pfsense.

    Thansk.
    -BR

    Do not edit manually !

    http_port 10.0.0.22:3128
    http_port 127.0.0.1:80 transparent
    icp_port 0

    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_directory /usr/local/etc/squid/errors/Turkish
    icon_directory /usr/local/etc/squid/icons
    visible_hostname localhost
    cache_mgr admin@localhost
    access_log /var/squid/log/access.log
    cache_log /var/squid/log/cache.log
    cache_store_log none
    shutdown_lifetime 3 seconds

    Allow local network(s) on interface(s)

    acl localnet src  10.0.0.0/255.255.255.0
    uri_whitespace strip

    cache_dir aufs /var/squid/cache 100 16 256
    cache_mem 8 MB
    maximum_object_size 10 KB
    minimum_object_size 0 KB
    cache_replacement_policy heap LFUDA
    memory_replacement_policy heap GDSF
    offline_mode off
    dns_children 32

    No redirector configured

    Setup some default acls

    acl all src 0.0.0.0/0.0.0.0
    acl localhost src 127.0.0.1/255.255.255.255
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
    acl sslports port 443 563
    acl manager proto cache_object
    acl purge method PURGE
    acl connect method CONNECT
    acl dynamic urlpath_regex cgi-bin ?
    acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
    cache deny dynamic
    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    Always allow localhost connections

    http_access allow localhost

    request_body_max_size 0 KB
    reply_body_max_size 0 allow all
    delay_pools 1
    delay_class 1 2
    delay_parameters 1 -1/-1 -1/-1
    delay_initial_bucket_level 100
    delay_access 1 allow all

    Block access to blacklist domains

    http_access deny blacklist

    Allow local network(s) on interface(s)

    http_access allow localnet

    Custom options

    acl msn url_regex -i gateway.dll
    acl msnd dstdomain messenger.msn.com
    gateway.messenger.hotmail.com
    acl msn1 req_mime_type ^application/x-msn-messenger$
    http_access deny msnd
    http_access deny msn
    http_access deny msn1

    Default block all to be sure

    http_access deny all



  • "I block 1863 port and msn access to 80,443 …
    I use squid proxy server, add to "Custom Options" on http://wiki.squid-cache.org/ConfigExamples/Chat/MsnMessenger"

    why you block 80,443? I think you need that ports in your pfsense. Try use Aliases or Firewall Rule and check outbound inbound.

    jigp
    Davao City
    1.2.2



  • Also, msn has a lot of ports. They use https also i guess

    jigp
    Davao City
    1.2.2


Log in to reply