[squid-users] Google-Talk and Space Usage/Expiration

From: Vadim Pushkin <wiskbroom@dont-contact.us>
Date: Tue, 03 Apr 2007 19:23:44 +0000

Hello all;

I am trying to block, if at all possible, google-talk, which can be accessed
with the mail.google.com URL. I do *NOT* wish to prevent users from using
google-mail itself. Is there a way to do this? Or must I install websense,
which I have never used and do not know much about?

Can anyone who has done this please assist? My current squid.conf below.

regards,

.vp

>Hello All Once More;
>
>I am attaching my squid.conf in hopes of finding some solutions to what I
>have been unsuccessful at accomplishing.
>
>1. I would like to create a list of either domains, sites and/or IP
>addresses that would be used to restrict the use of CONNECT to just
>sites/URL's contained in this list.
>
>I was thinking of using this:
># NOTE(review): for a CONNECT request Squid is given only "host:port", not a
># full URL, so the patterns in this file have to be written against that
># form. Unanchored patterns match anywhere in that string, so an allow-list
># entry can admit more hosts than intended; dstdomain is the ACL type
># usually used for a host allow-list.
># http_access lines are checked in file order and the first match wins, so
># this deny has to sit above the "http_access allow ..." lines to take effect.
>acl allowed-CONNECTS url_regex -i "/home/squid/etc/allowed-CONNECTS"
>http_access deny CONNECT !allowed-CONNECTS
>
>2. I've had some issues recently whereby Squid died and was unable to
>restart due to a disk-full condition, though at the time my 60GB partition
>was at just 87% full. I was wondering if perhaps I did not specify the
>size allocated properly in this config, and/or if I had misused the LFUDA
>directive?
>
>3. I am trying to block, if at all possible, google-talk, which can be
>used with the mail.google.com URL, but I do *NOT* wish to prevent users
>from using google-mail.
>
>
>Many, many thanks in advance,
>
>.vp
>
>----SQUID.CONF BELOW-------
>
>##################################
># PROXY1
># squid.conf
>##################################
>
># Debug output: all sections at level 1.
>debug_options ALL,1
>
>###################################
># General Options
>###################################
>
># Port on which the proxy accepts client requests.
>http_port 8080
>
># URLs containing these strings are fetched directly instead of via a peer.
>hierarchy_stoplist cgi-bin ?
>
>#
># Revisit these two lines later - perhaps move them as well.
>#
># QUERY matches URL paths containing "cgi-bin" or "?"; it is referenced by
># the "no_cache deny QUERY" line in the ACL part of this file.
>acl QUERY urlpath_regex cgi-bin \?
>#
># aufs store in /data/squidcache: 51200 MB, 64 first-level and 256
># second-level directories.
># NOTE(review): 51200 MB on the 60 GB partition described in the message
># leaves little headroom. The figure covers cached object data only;
># swap.state, filesystem overhead and anything else kept on the same
># partition come on top (the access log below is also under /data; whether
># that is the same partition cannot be told from here, so confirm). A full
># disk takes the proxy down, so treat this as an availability setting.
>cache_dir aufs /data/squidcache 51200 64 256
># Increase maximum object size:
>maximum_object_size 32 MB
># maximum_object_size 5000000 KB
>
>cache_mem 4 MB
># Replacement starts at 97% of the cache_dir size and becomes aggressive at
># 98%, so the store is kept nearly full by design.
>cache_swap_low 97
>cache_swap_high 98
>
>ipcache_size 4096
>ipcache_low 90
>ipcache_high 95
>fqdncache_size 4096
>buffered_logs off
>
># Use heap LFUDA replacement policy:
>
>cache_replacement_policy heap LFUDA
>
># Per-request client log. With Via and X-Forwarded-For stripped further
># down, this log is the record that ties a request to an internal client.
>cache_access_log /data/squidlogs/access.log
>
># cache_access_log /data/squidcache
># cache_log /dev/null
># cache_log /tmp/cache.log
># cache_store_log none
>
>#
># Keep this log here? Need if using debug.
>#
># cache_store_log /home/squid/var/logs/store.log
>cache_store_log none
>
>
># Password string sent for anonymous FTP logins.
>ftp_user ftp@mydomain.EDU
>
># Keep? (Not with current AUFS use)
># diskd_program /home/squid/libexec/diskd
>
>#reference_age 6 month
>quick_abort_min 1 KB
>quick_abort_max 1048576 KB
>quick_abort_pct 90
>connect_timeout 30 second
>read_timeout 5 minute
>request_timeout 30 second
>client_lifetime 2 hour
>half_closed_clients off
>pconn_timeout 120 second
>ident_timeout 10 second
>shutdown_lifetime 15 second
>
># Upper bounds on what a client may send: 100 KB of request headers and
># 2000 KB of request body.
># request_body_max_size 50 MB
>request_header_max_size 100 KB
>request_body_max_size 2000 KB
>
>refresh_pattern ^ftp: 1440 50% 86400
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 50% 86400
>
>############################
># ACL's
>############################
>
>#
># Below is an example of how to block some language/sites.
>#
>
># acl porn url_regex "/home/squid/etc/porn-list"
># acl noporn url_regex "/home/squid/etc/noporn-list"
># http_access deny porn !noporn
>
># Below is an example of how to prevent certain types of
># files from being downloaded (I.e. .exe, .scr, etc)
>
># Currently in use to prevent WMF virus. (.wmf files)
>
># NOTE(review): url_regex tests only the text of the requested URL, so this
># filter keys on names in the URL, not on what the server actually returns,
># and it sees nothing of content carried inside CONNECT tunnels. The deny
># list is case-insensitive (-i) while the exception list is not; confirm
># that difference is intended.
>acl bad-files url_regex -i "/home/squid/etc/bad-files"
>acl good-files url_regex "/home/squid/etc/good-files"
>
># Relocate the next line to the http_access group?
># NOTE(review): http_access lines are evaluated in file order and the first
># match wins. Here the deny runs before every allow rule; moved below the
># per-network allows it would no longer apply to those networks.
>http_access deny bad-files !good-files
>
>#
># Begin to define networks
>#
># NOTE(review): Remote_Access is not referenced by any http_access line in
># this listing, so these sources end at "http_access deny all".
>acl Remote_Access src 192.168.0.0/16
>#
>acl Building-1 src 8.90.0.0/16
>acl Building-2 src 8.93.0.0/16
>acl Building-3 src 8.94.0.0/16
>acl Building-4 src 8.95.0.0/16
>acl Building-5 src 8.96.0.0/16
>#
>acl DMZ_1 src 192.100.0.0/16
>acl DMZ_2 src 192.17.0.0/16
>acl DMZ_3 src 192.18.0.0/16
>#
>acl ICP-ONE src 192.100.2.9
>acl ICP-TWO src 192.100.2.10
>#
># App uses port 80 for CONNECT
># Only this app should be allowed to use "CONNECT".
>#
>acl GOOD-APP dst 10.12.161.211
>#
>#
># Matches cache manager requests (cache_object:// scheme).
>acl manager proto cache_object
>#
># acl localhost src 127.0.0.1/255.0.0.0
>acl localhost src 127.0.0.1/32
>#
># Define Safe Ports to use.
>#
># NOTE(review): port 22 is listed as a safe destination port; confirm that
># plain proxy requests to that port are really needed.
>acl Safe_ports port 21
>acl Safe_ports port 22
>acl Safe_ports port 80
>acl Safe_ports port 443 563 8087
>#
># Can I just place all of these on one line? Does it matter?
>#
># Several ports on one line work (the line above already does this), and
># repeated acl lines with the same name add to the same list. 8087 is
># listed twice, and 8087 and 19638 both fall inside 1025-65535 anyway.
>acl Safe_ports port 1025-65535 # unregistered ports
>acl Safe_ports port 19638
>acl Safe_ports port 8087
>#
># Define SSL Ports
>#
>acl SSL_ports port 443 563
>#
>acl CONNECT method CONNECT
>#
>#
># Everyone Else who has not been stated above as a valid Network.
>#
>acl all src 0.0.0.0/0
>
># What does this do?
># It keeps responses to requests matching QUERY (URL path containing
># "cgi-bin" or "?") out of the cache.
>no_cache deny QUERY
>#
>
># NOTE(review): this allow carries no src ACL and precedes the per-network
># rules, so CONNECT to 10.12.161.211 on any Safe_ports port is granted to
># any client that can reach the proxy, including sources that would
># otherwise end at "deny all". The comment on GOOD-APP says the app uses
># port 80; a port-80-only ACL plus a src restriction would match that
># stated intent more closely.
>http_access allow CONNECT GOOD-APP Safe_ports
># Refuse any request to a port outside Safe_ports, then refuse CONNECT to
># anything other than SSL_ports (443, 563).
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>
># Remove the Via and X-Forwarded-For headers, so the proxy chain and the
># internal client address are not disclosed to the far side.
>header_access Via deny all
>header_access X-Forwarded-For deny all
>
>############################
># http_access
>############################
>#
>#
># NOTE(review): these src-only allows come before the manager rules below.
># The first matching http_access line wins, so a cache manager
># (cache_object) request from any Building, DMZ or ICP source is already
># accepted here and never reaches "http_access deny manager". If manager
># access is meant to be limited to localhost and Building-1, the three
># manager lines need to sit above these allows.
>http_access allow Building-1
>http_access allow Building-2
>http_access allow Building-3
>http_access allow Building-4
>http_access allow Building-5
>#
>http_access allow DMZ_1
>http_access allow DMZ_2
>http_access allow DMZ_3
>#
>http_access allow ICP-ONE
>http_access allow ICP-TWO
>#
>http_access allow manager localhost
>#
># Redundant in this position: Building-1 is already allowed above.
>http_access allow manager Building-1
>#
>#
>http_access deny manager
># Default: refuse every source not allowed above.
>http_access deny all
>
>http_reply_access allow all
>
>cache_mgr cashman@MyDomain.Edu
>
>
>visible_hostname proxy1
>
># Number of rotated log generations to keep.
>logfile_rotate 8
>
>coredump_dir /home/squid/var/cache
>
># Unprivileged user and group Squid switches to when started as root.
>cache_effective_user nobody
>cache_effective_group nobody
>
># TEMP
>icp_port 3130
>
># Allow my peer (proxy2)
># NOTE(review): only ICP-ONE (192.100.2.9) may send ICP queries; ICP-TWO is
># defined but not granted here. The cache_peer below is 192.100.1.1, which
># matches neither ACL. Confirm which address the sibling's queries come from.
>icp_access allow ICP-ONE
>
># Deny everyone else.
># Be sure to edit this in case you modify or add another cache.
>#
>icp_access deny all
>
># Sibling peer: HTTP port 8080, ICP port 3130.
># cache_peer 192.100.1.1 sibling 8080 3130 proxy-only
>cache_peer 192.100.1.1 sibling 8080 3130
>peer_connect_timeout 10 seconds
>
># Entry added in case internet is down, squid will still start.
># You may wish to remove it.
>dns_testnames localhost
>
>-----END OF SQUID.CONF-------
>
>
Received on Tue Apr 03 2007 - 13:23:55 MDT
