Need Help about Block Video/Audio Streaming



  • Hi everybody,
    I'm a new user on this site and new to Linux.
    We bought a hardware firewall (DansGuardian + Squid) about 4 years ago. The company does not support this firewall at the moment. I need to reconfigure it to add some blocks.

    I changed some things in squid.conf. I'm blocking the streams, but some IP addresses need to access streams. Also, all IP addresses need to access bank sites. I wrote the rules below, but they are not working. I've been working on it for about a week and it's driving me crazy. Can anyone help me with this? Thanks for any advice.

    Here is my squid.conf:

    #–----------[ Transparent Proxy ]–----------#
    # Interception ("transparent") setup written with the httpd_accel_* directives,
    # which are Squid 2.5-era syntax.
    # NOTE(review): later Squid releases replaced these with an option on http_port, so
    # this block cannot be carried to a newer Squid unchanged. Confirm the installed
    # version with `squid -v` before editing.
    http_port 3128
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on
    #----------[ Transparent Proxy EOF ]–--------#

    # Hostname and admin contact were masked by the poster.
    visible_hostname ******************

    cache_mgr ****************
    # Disk cache under /var/spool/squid: 1000 MB, 16 first-level and 256 second-level directories.
    cache_dir ufs /var/spool/squid 1000 16 256
    cache_replacement_policy heap GDSF
    cache_store_log none
    cache_mem 32 MB
    # Disables every cache-manager action, whatever http_access says about the manager ACL.
    cachemgr_passwd disable all
    store_avg_object_size 8 KB

    # Objects above 4096 KB are not cached; this limits caching only, not what clients may fetch.
    minimum_object_size 0 KB
    maximum_object_size 4096 KB
    maximum_object_size_in_memory 8 KB

    fqdncache_size 1024
    memory_replacement_policy lru

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320

    ##################GLOBAL#############################
    # An "acl" line only names a match condition. Nothing is allowed or denied until an
    # http_access / http_reply_access line references the name.
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    # LAN range referenced by "http_access allow novum" further down.
    acl novum src 192.168.1.0/24
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    # 1025-65535 marks every unprivileged port as "safe". Only low ports not listed here
    # are caught by "deny !Safe_ports".
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280
    acl Safe_ports port 488
    acl Safe_ports port 591
    acl Safe_ports port 777
    acl CONNECT method CONNECT

    # Matches any URL containing "gateway", one arbitrary character, then "dll" (the dot is
    # an unescaped regex metacharacter). The deny has no source exception, so it applies to
    # every client.
    acl msnmessenger url_regex -i gateway.dll
    http_access deny msnmessenger

    # req_mime_type matches the Content-Type header of the client's request. Repeated acl
    # lines with the same name are OR-ed together.
    acl MSN req_mime_type ^application/x-msn-messenger$
    acl MSN req_mime_type ^application/x-msnmsgrp2p$
    acl MSN req_mime_type ^application/x-msnmsgr-sessionreqbody$
    acl MSN req_mime_type ^application/x-msnmsgr-transreqbody$
    http_access deny MSN

    #####################################################
    # Clients exempted from the streaming blocks (used as "!GoodIP" in the deny rules).
    # NOTE(review): the post says this box runs DansGuardian + Squid. If clients reach Squid
    # through DansGuardian, Squid may see DansGuardian's address as the source instead of
    # 192.168.1.x, and GoodIP would then never match. Check the client address column in
    # access.log to confirm what Squid actually sees.
    acl GoodIP src 192.168.1.2
    acl GoodIP src 192.168.1.3

    # Extension block on the full URL. As displayed, each "." is an unescaped regex wildcard
    # rather than a literal dot, and the "$" anchor means a URL with a query string after the
    # extension does not match.
    # NOTE(review): backslashes may have been lost in forum formatting. Compare with the file
    # on the box.
    acl BlockExt url_regex -i .mp3$ .asx$ .wma$ .wmv$ .avi$ .mpeg$ .mpg$ .qt$ .ram$ .rm$ .iso$ .wav$ .exe$

    # Reply Content-Type patterns. As displayed, "^.mms." only matches a type whose 2nd-4th
    # characters are "mms".
    # NOTE(review): the commonly circulated form is "^.*mms.*", so the asterisks were
    # presumably stripped by the forum. Verify against the real file.
    acl fails rep_mime_type ^.mms.
    acl fails rep_mime_type ^.ms-hdr.
    acl fails rep_mime_type ^.x-fcs.
    acl fails rep_mime_type ^.x-ms-asf.

    # urlpath_regex sees only the path part of the URL (no scheme or host), so "mms://" can
    # match only if that string appears inside the path. The "$"-anchored extensions have the
    # same query-string and unescaped-dot caveats as BlockExt.
    acl fails2 urlpath_regex dvrplayer mediastream mms://
    acl fails2 urlpath_regex .asf$ .afx$ .flv$ .swf$ .wmv$ .mp4$ .mp3$ .avi$ .3gp$ .wmf$ .ogg$ .mpg$ .mpeg$

    # Reply Content-Type matches. These can be evaluated only once a reply exists.
    acl flashvideo rep_mime_type -i video/flv
    acl shockwave rep_mime_type -i ^application/x-shockwave-flash$

    # req_mime_type = Content-Type sent by the client in its request, not the type of the
    # content being downloaded. Each unanchored pattern (wreq2, wreq4, wreq6) already covers
    # the anchored one before it.
    acl wreq1 req_mime_type -i ^application/octet-stream$
    acl wreq2 req_mime_type -i application/octet-stream
    acl wreq3 req_mime_type -i ^application/x-mplayer2$
    acl wreq4 req_mime_type -i application/x-mplayer2
    acl wreq5 req_mime_type -i ^application/x-oleobject$
    acl wreq6 req_mime_type -i application/x-oleobject
    acl wreq7 req_mime_type -i application/x-pncmd
    acl wreq8 req_mime_type -i ^video/x-ms-asf$
    acl wreq9 req_mime_type -i ^video/mpeg4

    # rep_mime_type = Content-Type of the server's reply. application/octet-stream is the
    # generic binary type, so wrep1/wrep2 cover ordinary file downloads as well as media.
    acl wrep1 rep_mime_type -i ^application/octet-stream$
    acl wrep2 rep_mime_type -i application/octet-stream
    acl wrep3 rep_mime_type -i ^application/x-mplayer2$
    acl wrep4 rep_mime_type -i application/x-mplayer2
    acl wrep5 rep_mime_type -i ^application/x-oleobject$
    acl wrep6 rep_mime_type -i application/x-oleobject
    acl wrep7 rep_mime_type -i application/x-pncmd
    acl wrep8 rep_mime_type -i ^video/x-ms-asf$
    acl wrep9 rep_mime_type -i ^video/mpeg4

    ##################################################

    # Request-time rules. ACLs on one line are AND-ed, so each line reads "deny when the
    # pattern matches and the source is not GoodIP". http_access lines are evaluated top to
    # bottom and the first matching line decides.
    http_access deny BlockExt !GoodIP
    # fails, flashvideo and shockwave are rep_mime_type ACLs. http_access runs before any
    # reply exists, so these three lines cannot match here. Only their http_reply_access
    # counterparts below can take effect.
    http_access deny fails !GoodIP
    http_access deny fails2 !GoodIP
    http_access deny flashvideo !GoodIP
    http_access deny shockwave !GoodIP
    # wreq* test the request's own Content-Type, so these lines affect requests that carry
    # a body of that type (e.g. uploads), not downloads of that type.
    http_access deny wreq1 !GoodIP
    http_access deny wreq2 !GoodIP
    http_access deny wreq3 !GoodIP
    http_access deny wreq4 !GoodIP
    http_access deny wreq5 !GoodIP
    http_access deny wreq6 !GoodIP
    http_access deny wreq7 !GoodIP
    http_access deny wreq8 !GoodIP
    http_access deny wreq9 !GoodIP

    # Reply-time rules, where the reply Content-Type ACLs are actually evaluated.
    # NOTE(review): wrep1/wrep2 deny every application/octet-stream reply to non-GoodIP
    # clients. If sites that must stay reachable (the post mentions bank sites) serve
    # content with that type, these two lines are the first to review.
    http_reply_access deny fails !GoodIP
    http_reply_access deny fails2 !GoodIP
    http_reply_access deny flashvideo !GoodIP
    http_reply_access deny shockwave !GoodIP
    http_reply_access deny wrep1 !GoodIP
    http_reply_access deny wrep2 !GoodIP
    http_reply_access deny wrep3 !GoodIP
    http_reply_access deny wrep4 !GoodIP
    http_reply_access deny wrep5 !GoodIP
    http_reply_access deny wrep6 !GoodIP
    http_reply_access deny wrep7 !GoodIP
    http_reply_access deny wrep8 !GoodIP
    http_reply_access deny wrep9 !GoodIP

    ###################################################

    # General access policy. The first matching line decides, so the order below matters.
    #
    # NOTE(review): "allow manager" has no source restriction, so a cache_object request
    # from any client matches here and the later "deny manager" is never reached. The stock
    # form is "http_access allow manager localhost" followed by "http_access deny manager".
    # "cachemgr_passwd disable all" earlier in this file disables the manager actions, which
    # limits the exposure, but the rule is still broader than intended.
    http_access allow manager
    http_access allow localhost
    # NOTE(review): LAN clients are allowed here, before the Safe_ports and CONNECT checks
    # below, so those two restrictions never apply to 192.168.1.0/24. Moving both deny lines
    # above "allow novum" would enforce them for LAN clients too.
    http_access allow novum
    http_access deny to_localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports

    # Default deny for anything not matched above. ICP is denied and its port disabled.
    http_access deny all
    icp_access deny all
    icp_port 0

    # Identity and listing options for FTP requests made through the proxy.
    ftp_user proxy@novum.local
    ftp_list_width 32
    ftp_passive on

    #acl intranet dstdomain atlantisbt.net fox4um.com
    #always_direct allow intranet
    #no_cache deny intranet

    #negative_ttl 5 minutes
    #positive_dns_ttl 6 hours
    #negative_dns_ttl 5 minutes

    miss_access allow all
    # With this off, Squid does not put the client's address in X-Forwarded-For.
    forwarded_for off

    # Digest authentication is fully commented out, so no proxy authentication is enforced
    # by this listing.
    #auth_param digest program /usr/local/squid/libexec/digest_pw
    #auth_param digest children 8
    #auth_param digest realm Access to Squid
    #auth_param digest nonce_garbage_interval 10 minutes
    #auth_param digest nonce_max_duration 45 minutes
    #auth_param digest nonce_max_count 100
    #auth_param digest nonce_strictness on
    #acl locallan proxy_auth REQUIRED
    #http_access allow locallan

    # NOTE(review): header_replace only substitutes a header that a header_access rule has
    # denied. No header_access rule for User-Agent is visible in this listing, so this line
    # may have no effect as shown.
    header_replace User-Agent Atlantis/V3.2

    ie_refresh on
    #dns_nameservers 193.192.100.100 193.192.100.101 193.192.100.120 193.192.100.121
    hierarchy_stoplist cgi-bin ?

    acl gator dstdomain gator.com
    # NOTE(review): this deny comes after "http_access deny all" earlier in the file, so it
    # is never reached. It would have to sit above the allow rules to take effect.
    http_access deny gator

    # Strips Accept-Encoding from requests to this domain.
    acl hx dstdomain .hotmail.msn.com
    header_access accept-encoding deny hx

    # NOTE(review): the stock pattern is "cgi-bin \?". The backslash before "?" was
    # presumably lost in forum formatting. Verify against the real file.
    acl QUERY urlpath_regex cgi-bin ?
    no_cache deny QUERY

    #acl dosyalar url_regex -i .exe$ .ram$ .mov$ .qt$ .mpw$ .rm$ .wav$ .wmv$ .ace$ .rar$ .mp3$ .mpg$ .mpeg$
    #acl calismasaati time MTWHFS 09:00-18:00
    #http_access deny dosyalar calismasaati
    #error_directory /usr/share/squid/errors

    quick_abort_min 3 KB
    quick_abort_max 3 KB
    quick_abort_pct 95
    # Authentication cache lifetimes. With the auth_param lines commented out above, there is
    # no configured scheme for them to apply to in this listing.
    authenticate_ttl 1 hour
    authenticate_ip_ttl 60 seconds
    half_closed_clients off

