|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Blocking Skype
From: Andrew McGill (andrew2005
ledge.co.za)
Date: Mon Nov 14 2005 - 05:08:56 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Polarizer wrote,
> > acl connect method CONNECT
>
> This line is not necessary since standard squid.conf contains this line:
>
> acl CONNECT method CONNECT
>
> so simply use the uppercase version (squid does not check upper and lower case
> in acl names)
>
> > # Apply your acls
> > http access deny connect numerics_IPs all
>
> Respect :O) Two typos in just one line. With CONNECT mentioned above:
>
> http_access deny CONNECT numeric_IPs all
>
> instead of
>
> http access deny connect numerics_IPs all
>
> BTW: I'm sure, it will break a lot of other things but skype, too.
Allowing only authenticated web access blocks skype:
acl PASSWORD proxy_auth REQUIRED
http_access allow PASSWORD
http_access deny all
Admittedly, this was the configuration, and it was impossible to
*allow* skype. Although Skype understands the concept of a proxy
server, it doesn't understand the concept of authentication --or
at least, when it really matters, it doesn't try to authenticate,
very much like MSN messenger. NTLM auth would block it even
harder, I suspect.
&:-)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]