Solved

Block all chat programs using squid proxy

Posted on 2003-03-19
Last Modified: 2012-06-27
Dear experts,

Is there any way I can block MSN chat and others using the squid proxy server? Or is there any other way to do that task? I am using Red Hat Linux 6.0. Help..
0
Question by:wangdi
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8168456
More or less easy:
Use the name server to internally resolve *.hotmail.com. You will set up a "lame nameserver", but you can make it answer only to the internal users.

at the same time, deny all the other protocols you do not need, and restrict them to certain users only.

this is an extract from my named.conf:
acl internals { 192.168.0.0/24; 127.0.0.1/32; };
acl externals { any; };

zone "hotmail.com" {
        type master;
        allow-query { internals; };
        file "pz/sislogistics.com";
};


and in the zone file you need to set up
* IN A 127.0.0.1

and that should help.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8168459
More or less easy:
Use the name server to internally resolve *.hotmail.com. You will set up a "lame nameserver", but you can make it answer only to the internal users.

at the same time, deny all the other protocols you do not need, and restrict them to certain users only.

this is an extract from my named.conf:
acl internals { 192.168.0.0/24; 127.0.0.1/32; };
acl externals { any; };

zone "hotmail.com" {
        type master;
        allow-query { internals; };
        file "pz/hotmail.com";
};


and in the zone file you need to set up
* IN A 127.0.0.1

and that should help.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8168467
Sorry for the two posts. The last is accurate.

Regards
0

 
LVL 2

Expert Comment

by:NMi
ID: 8180557
Previous solution is lame for several reasons:
1. This is designed to work for all people using this DNS server, without exceptions, even the system administrator himself.
2. This doesn't let you access OTHER services, for example - http://www.hotmail.com/

I think if you're using squid as proxy for clients, then you should be using its ACL (access control lists) to prevent your users from accessing specific sites, domains, or whatever.

You can start with squid.conf lines like this ...

acl sites-denied url_regex "sites-denied.acl"
http_access deny sites-denied

... then you should write in sites-denied.acl anything you want to block - hotmail.com, the word 'banners', whatever. Make sure you know where squid is going to look for your configuration files.
0
 
LVL 19

Expert Comment

by:Gabriel Orozco
ID: 8180608
NMi: You are right :) we had some discussions here some time ago, and I forgot that solution...

wangdi: the MSN client connects with whatever port is allowed to go out. If you block all the other ports, the squid solution is the best one, as it can block only selected users and not all the users.

Regards
0
 

Author Comment

by:wangdi
ID: 8186407
Dear experts,

Thanks for your valuable solutions. I tried, as NMi asked me, to use ACLs in squid. In my list I block msn.chat, chat, Msn, .net, Msn.net, etc. But it also blocks hotmail. The problem is that some of my users have signed in with hotmail for e-mail.

My users have set up MSN Messenger on their machines, which creates lots of problems with the bandwidth. Therefore, I would like to block most of the chat programs.

Some examples of how to do it would be appreciated, because I am at the learning stage with Linux.

thanks
0
 
LVL 2

Accepted Solution

by:
NMi earned 2000 total points
ID: 8193665
If you wish to block all hotmail chats, but still want to allow access to port 80 - you can do it in no time.

[ original setup ]
acl sites-denied url_regex "sites-denied.acl"
http_access deny sites-denied

[ fine-tuned setup ]
acl sites-denied url_regex "sites-denied.acl"
acl sites-allowed url_regex "sites-allowed.acl"
acl ports-allowed port 80
http_access allow sites-allowed ports-allowed
http_access deny sites-denied

This way, you allow your users to surf sites mentioned in "sites-allowed.acl" file _using_ port 80 (ACL ports-allowed - you can add more ports if necessary), but still deny access to sites and chats mentioned in "sites-denied.acl".
0
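A small Python model of how the two setups in the accepted answer decide requests, added here as an illustration and not part of the original answer. The ACL file contents, the anchored allow pattern and the sample requests are constructed assumptions, and only the http_access lines shown in the answer are modelled.

```python
import re

# Constructed ACL file contents (the thread does not show the files).
SITES_DENIED = ["hotmail.com", "chat", ".net"]   # entries named in the thread
SITES_ALLOWED = [r"^http://www\.hotmail\.com/"]  # assumed; anchored on purpose

def url_regex(patterns):
    """url_regex ACL: unanchored, case-sensitive regex search over the whole URL."""
    compiled = [re.compile(p) for p in patterns]
    return lambda url, port: any(c.search(url) for c in compiled)

def port_acl(*ports):
    """port ACL: matches the destination port of the request."""
    return lambda url, port: port in ports

ACLS = {
    "sites-denied": url_regex(SITES_DENIED),
    "sites-allowed": url_regex(SITES_ALLOWED),
    "ports-allowed": port_acl(80),
}

ORIGINAL = [("deny", ["sites-denied"])]
FINE_TUNED = [("allow", ["sites-allowed", "ports-allowed"]),
              ("deny", ["sites-denied"])]

def http_access(rules, url, port):
    """The first rule whose ACLs all match decides; if none match, squid
    applies the opposite of the last rule's action."""
    for action, names in rules:
        if all(ACLS[n](url, port) for n in names):
            return action
    return "allow" if rules[-1][0] == "deny" else "deny"

# Constructed requests: (URL as squid sees it, destination port).
REQUESTS = [
    ("http://www.hotmail.com/inbox", 80),          # webmail
    ("messenger.hotmail.com:1863", 1863),          # CONNECT to a non-80 port
    ("http://messenger.hotmail.com/gateway", 80),  # chat host reached on port 80
    ("http://www.example.org/internet-news", 80),  # ".net" matches "rnet"
    ("http://www.example.org/", 80),               # matches no pattern
]

def compare():
    """Return (url, original decision, fine-tuned decision) per request."""
    return [(url, http_access(ORIGINAL, url, port),
             http_access(FINE_TUNED, url, port)) for url, port in REQUESTS]

if __name__ == "__main__":
    for url, before, after in compare():
        print(f"{url:40} original={before:5} fine-tuned={after}")
```

The fourth request shows why short entries such as `.net` or `chat` block unrelated pages: each entry is a regular expression searched anywhere in the URL, so literal dots need escaping and broad words need anchoring.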
 

Expert Comment

by:CleanupPing
ID: 9077629
wangdi:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
