RE: [squid-users] Need an ACL to get around this..

From: Elsen Marc <[email protected]>
Date: Wed, 24 Mar 2004 07:48:31 +0100

 
>
> Hi all,
>
> I've been seeing users start to tunnel thru my squid
> caches, especially for connecting to IRC servers. I
> get CONNECT lines in my log either going to 6667 (irc
> default) or more sneakily, 443. As there are is a
> sizable number of irc servers my users are connecting
> to, and the fact CONNECT is used for regular https
> websites, i can't block the method or the
> hostnames/ip's. I recompiled squid to log user-agents,
> but again, anything coming in on a CONNECT does not
> show up - i thought at least i could identify the irc
> clients and block them with an "browser" ACL.
>
> So i guess what i am asking, is there an easier, more
> maintainable way to stop this rather than spending day
> after day compiling ip lists for multiple servers -
> I'm really hoping for a one-liner here.
>
> Many thanks in advance,
>
 
 The default squid.conf will not allow connections to 6667;
in order to have a 'strict' config :

acl SSL_ports port 443
http_access deny CONNECT !SSL_ports

 If you block 443, then valid SSL sites will be blocked too;
 and your users will no longer be able to access those.
 
 If you want further control on access to malicous
 '443-sites' then you need to make use of access controls
 in SQUID (see the FAQ).

 M.
Received on Tue Mar 23 2004 - 23:48:34 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:02 MST