How to block msn messenger

ozanus

Hello Dear All,

I need block msn messenger on local area.I research on forum.pfsense.org …

I block 1863 port and msn access to 80,443 ...
I use squid proxy server, add to "Custom Options" on http://wiki.squid-cache.org/ConfigExamples/Chat/MsnMessenger

acl msn url_regex -i gateway.dll;acl msnd dstdomain messenger.msn.com;gateway.messenger.hotmail.com;acl msn1 req_mime_type ^application/x-msn-messenger$;http_access deny msnd;http_access deny msn;http_access deny msn1;

but dont block msn. My squid.conf attach in meail.
How to block msn messenger with pfsense.

Thansk.
-BR

Do not edit manually !

http_port 10.0.0.22:3128
http_port 127.0.0.1:80 transparent
icp_port 0

pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/Turkish
icon_directory /usr/local/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
shutdown_lifetime 3 seconds

Allow local network(s) on interface(s)

acl localnet src  10.0.0.0/255.255.255.0
uri_whitespace strip

cache_dir aufs /var/squid/cache 100 16 256
cache_mem 8 MB
maximum_object_size 10 KB
minimum_object_size 0 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
offline_mode off
dns_children 32

No redirector configured

Setup some default acls

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535
acl sslports port 443 563
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl dynamic urlpath_regex cgi-bin ?
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
cache deny dynamic
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports

Always allow localhost connections

http_access allow localhost

request_body_max_size 0 KB
reply_body_max_size 0 allow all
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all

Block access to blacklist domains

http_access deny blacklist

Allow local network(s) on interface(s)

http_access allow localnet

Custom options

acl msn url_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com
gateway.messenger.hotmail.com
acl msn1 req_mime_type ^application/x-msn-messenger$
http_access deny msnd
http_access deny msn
http_access deny msn1

Default block all to be sure

http_access deny all

jigpe

"I block 1863 port and msn access to 80,443 …
I use squid proxy server, add to "Custom Options" on http://wiki.squid-cache.org/ConfigExamples/Chat/MsnMessenger"

why you block 80,443? I think you need that ports in your pfsense. Try use Aliases or Firewall Rule and check outbound inbound.

jigp
Davao City
1.2.2

jigpe

Also, msn has a lot of ports. They use https also i guess

jigp
Davao City
1.2.2