Solved

Block all chat programs using squid proxy

Posted on 2003-03-19
Last Modified: 2012-06-27
Dear experts,

Is there any way I can block MSN chat and others using squid proxy server? Or is there any other way to do that task? I am using Red Hat Linux 6.0. Help.
Question by:wangdi
8 Comments
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8168456
More or less easy:
use the name server to internally resolve *.hotmail.com. You will set up a "lame nameserver", but you can make it answer only to the internal users.

at the same time, deny all the other protocols you do not need, and restrict them to certain users only.

this is an extract from my named.conf:
acl internals { 192.168.0.0/24; 127.0.0.1/32; };
acl externals { any; };

zone "hotmail.com" {
        type master;
        allow-query { internals; };
        file "pz/sislogistics.com";
};


and in the zone file you need to set up
* IN A 127.0.0.1

and that should help.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8168459
More or less easy:
use the name server to internally resolve *.hotmail.com. You will set up a "lame nameserver", but you can make it answer only to the internal users.

at the same time, deny all the other protocols you do not need, and restrict them to certain users only.

this is an extract from my named.conf:
acl internals { 192.168.0.0/24; 127.0.0.1/32; };
acl externals { any; };

zone "hotmail.com" {
        type master;
        allow-query { internals; };
        file "pz/hotmail.com";
};


and in the zone file you need to set up
* IN A 127.0.0.1

and that should help.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8168467
sorry for the two posts. the last is accurate.

Regards
0

 
LVL 2

Expert Comment

by:NMi
ID: 8180557
Previous solution is lame for several reasons:
1. This is designed to work for all people using this DNS server, without exceptions, even the system administrator himself.
2. This doesn't let you access OTHER services, for example - http://www.hotmail.com/

I think if you're using squid as proxy for clients, then you should be using its ACL (access control lists) to prevent your users from accessing specific sites, domains, or whatever.

You can start with squid.conf lines like this ...

acl sites-denied url_regex "sites-denied.acl"
http_access deny sites-denied

... then you should write in sites-denied.acl anything you want to block - hotmail.com, the word 'banners', whatever. Make sure you know where squid is going to look for your configuration files.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8180608
NMi: You are right :) we had some discussions here some time ago, and I forgot such solution...

wangdi: the msn client connects with whatever port is allowed to go out. if you block all the other ports, the squid solution is the best one, as it can block only selected users and not all the users.

Regards
0
 

Author Comment

by:wangdi
ID: 8186407
Dear experts,

Thanks for your valuable solutions. I tried, as NMi asked me, to use ACLs in squid. In my list I block msn.chat, chat, Msn, .net, Msn.net, etc. But it also blocks hotmail. The problem is that some of my users have signed in with hotmail for e-mails.

My users have set up MSN Messenger on their machines, which creates lots of problems with the bandwidth. Therefore, I would like to block most of the chat programs.

Some examples of how to do it would be appreciated, because I am at the learning stage with Linux.

thanks
0
 
LVL 2

Accepted Solution

by:
NMi earned 2000 total points
ID: 8193665
If you wish to block all hotmail chats, but still want to allow access to port 80 - you can do it in no time.

[ original setup ]
acl sites-denied url_regex "sites-denied.acl"
http_access deny sites-denied

[ fine-tuned setup ]
acl sites-denied url_regex "sites-denied.acl"
acl sites-allowed url_regex "sites-allowed.acl"
acl ports-allowed port 80
http_access allow sites-allowed ports-allowed
http_access deny sites-denied

This way, you allow your users to surf sites mentioned in the "sites-allowed.acl" file _using_ port 80 (ACL ports-allowed - you can add more ports if necessary), but still deny access to sites and chats mentioned in "sites-denied.acl".
0
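
The rule order from the accepted answer, modelled as an added example that is not part of the original thread: a small Python simulation of how Squid walks http_access lines (top to bottom, first match wins, ACLs on one line ANDed), run against both setups. The pattern lists and sample URLs are constructed assumptions, chosen to show why broad url_regex entries also catch webmail and why a pattern such as "Msn" misses lowercase hosts.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-ins for the two pattern files (assumptions, not the asker's real lists).
SITES_DENIED = ["chat", "Msn", r".net"]                       # broad, unanchored
SITES_ALLOWED = [r"^http://([^/]+\.)?hotmail\.com(:\d+)?/"]   # anchored to the host

def url_regex(patterns):
    """ACL that matches if any pattern is found in the URL (case-sensitive, no -i)."""
    compiled = [re.compile(p) for p in patterns]
    return lambda url: any(c.search(url) for c in compiled)

def port(*allowed):
    """ACL that matches on the destination port (80 assumed for plain http URLs)."""
    def match(url):
        parts = urlsplit(url)
        return (parts.port or {"http": 80, "https": 443}.get(parts.scheme)) in allowed
    return match

def evaluate(rules, url):
    """Walk http_access lines in order: ACLs on a line are ANDed, first match wins."""
    for action, acls in rules:
        if all(acl(url) for acl in acls):
            return action
    # No line matched: Squid falls back to the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

denied, allowed, port80 = url_regex(SITES_DENIED), url_regex(SITES_ALLOWED), port(80)
ORIGINAL = [("deny", [denied])]
FINE_TUNED = [("allow", [allowed, port80]), ("deny", [denied])]

# Constructed sample requests.
SAMPLES = [
    "http://www.hotmail.com/internet-mail/inbox",       # webmail; ".net" hits "rnet"
    "http://www.hotmail.com:8080/internet-mail/inbox",  # same site, port not allowed
    "http://chat.example.net/room",                     # chat site
    "http://messenger.msn.example/login",               # lowercase "msn" vs pattern "Msn"
    "http://www.example.org/index.html",                # unrelated site
]

def decisions(rules):
    """Return {url: 'allow' | 'deny'} for every sample under the given rule list."""
    return {url: evaluate(rules, url) for url in SAMPLES}

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{evaluate(ORIGINAL, url):5} -> {evaluate(FINE_TUNED, url):5}  {url}")
```

The lowercase messenger host passes under both rule sets because url_regex is case-sensitive unless the ACL is declared with -i.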
 
