Re: [squid-users] How to block shoutcast streams? from Boniforti Flavio on 2005-11-18 (squid-users)

From: Boniforti Flavio <boniforti@dont-contact.us>
Date: Fri, 18 Nov 2005 13:53:05 +0100

Brent Clark wrote:

> I basically deny the client used.
>
> ## Stop multimedia downloads ##
> acl useragent browser -i ^.*NSPlayer.*
> acl useragent browser -i ^.*player.*
> acl useragent browser -i ^.*Windows-Media-Player.*
> acl useragentq rep_mime_type ^.*video.*
> acl useragentq rep_mime_type ^.*audio.*
> http_access deny useragent
> http_access deny useragentq

Sorry for bothering again, but:
does this setup work for you? I mean, I have similar ACLs (not the ones
with the "browser" tough) and I use http_reply_access for rep_mime_type
ACLs.

Here:

########################################################################
# ACL List

acl streaming rep_mime_type ^video/x-ms-asf ^video/x-ms-sf ^audio/mpeg
^audio/x-mpeg ^audio/x-pn-realaudio ^application/x-mms-
framed ^application/vnd.ms.wms-hdr.asfv1 # MIME per streaming content
acl block_stream urlpath_regex
\.(ra?m|mpe?g?|mov|m3u|pls|ivf|asf|asx|avi|wax|wma|wmv|wvx|wmp|wmx|m1v|mp2|mp3|mpa|mpe|mpv2)($|
\?) # estensioni file per blocco streaming
########################################################################

# Consenti accesso a cachemgr anche da se stesso
http_access deny manager !localhost !apache

# Only allow purge requests from localhost
http_access deny purge !localhost

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl our_networks src 10.167.208.0/24 10.167.209.0/24 10.167.210.0/24
10.167.211.0/24 10.167.212.0/24
acl our_networks src 10.3.21.10/32 10.3.21.13/32 10.3.21.15/32 # RUPAR
dial-in

http_access allow CED UtentiAutorizzati
http_access allow our_networks
http_access allow localhost

http_reply_access deny block_stream
http_reply_access deny streaming

# And finally deny all other access to this proxy
http_access deny all

http_reply_access allow all
##########

Do you see some errors in what I've configured here? If not, I would
then go further and set up browser (useragent) ACLs and place them in
the right sequence.

TIA,

-- 
-----------------------------------
Boniforti Flavio
Provincia del Verbano-Cusio-Ossola
Ufficio Informatica
Tecnoparco del Lago Maggiore
Via dell'Industria, 25
28924 Verbania
-----------------------------------

Received on Fri Nov 18 2005 - 05:53:13 MST

This archive was generated by hypermail pre-2.1.9 : Thu Dec 01 2005 - 12:00:10 MST