Linux Forums - Linux Help,Advice & support community:LinuxSolved.com

Network Troublshooting => Linux Servers Support => Topic started by: Timur on March 15, 2004, 05:14:27 AM

Title: Howto restrict icq via squid?
Post by: Timur on March 15, 2004, 05:14:27 AM

1. Can you tell me how to restrict icq access through squid?
2. Also, can you tell how to filter banners of icq?
3. Howto filter jpg and gif pictures by squid?


Thank you.

Title: Howto restrict icq via squid?
Post by: Ricky on March 15, 2004, 09:31:13 AM

Well to restrict ICQ u need to tell us that wht port exactly the ICQ use..

And if banners are images as u said jpg or gif then u can use following to block them

Code: [Select]

acl badURL url_regex -i gif jpeg
http_access deny badUrl
http_access allow myNet
http_access deny all
!!

Title: Howto restrict icq via squid?
Post by: Timur on March 15, 2004, 10:29:14 AM

Icq uses:
1. for login: login.icq.com and port 443
2. proxy settings: 192.168.0.88 port 3128 (squid)

Title: Howto restrict icq via squid?
Post by: Ricky on March 15, 2004, 11:00:59 AM

Hello..
the port 443 is used of https so we can't blcok.. otherwise it u will not able to open various others sites too.. so.. I suggest u to block all url containing the word icq..
So u can use above example with using icq instead of jpg or gif..

Title: Howto restrict icq via squid?
Post by: Timur on March 15, 2004, 11:13:52 AM

Thank you very much. One more think what does the option "-i" stands for in the script for blocking jpg and gif and icq?

Title: Howto restrict icq via squid?
Post by: Timur on March 15, 2004, 11:56:14 AM

Ricky, can you tell one thing. If I block jpg and gif pictures we use less traffic and hence pay less to our ISP than if you were not blocking pictures?

Title: Howto restrict icq via squid?
Post by: Ricky on March 15, 2004, 11:56:43 AM

" -i  " is used to make the url case-insensitive..

Title: Howto restrict icq via squid?
Post by: Timur on March 15, 2004, 12:58:26 PM

Ricky, can you tell one thing. If I block jpg and gif pictures we use less traffic and hence pay less to our ISP than if you were not blocking pictures?

Title: Howto restrict icq via squid?
Post by: Ricky on March 15, 2004, 02:39:12 PM

Ya it will reduce bandwidth .. but i think u should block .\swf$ also ie.. flash animations.. but ... u can use junkbuster instead of proxy if u need less bandwidth usage.. btw i hav not used junkbuster yet..

Title: Howto restrict icq via squid?
Post by: Timur on March 16, 2004, 05:23:11 AM

Ricky, do you have a script for squid.conf which can substitute banners in icq welcome-page and in the icq window with something else (with a banner developed by me)?

Title: Howto restrict icq via squid?
Post by: Ricky on March 16, 2004, 10:33:06 AM

Man.. I think I should see how ICQ work.. b'cause i have ICQ only once..

Title: Howto restrict icq via squid?
Post by: Timur on March 16, 2004, 01:08:14 PM

Ricky, I have a problem with connecting mIRC via squid. Can you tell me what settings to put in the mIRC in order to get it connected thru squid.

Thanks a lot in advance!

Title: Howto restrict icq via squid?
Post by: Ricky on March 17, 2004, 06:19:17 AM

man i have never used Mirc..
BTW.. if you are using transparent proxy then it will simply work without doing anything but if you are using proxy then u have to specify ports . so as squid use single port usually "3128" to do every thing then u have to enter 3128 as port and ip of squid machine as host.

Title: Howto restrict icq via squid?
Post by: Timur on March 17, 2004, 01:04:38 PM

Ricky, I have a problem with deny_info tag.
I found a script which blocks banners for icq and replace them with other banners. I did everything as was written:

acl nobanners src 0/0
acl icq-begin url_regex "/usr/local/etc/squid/icq-begin.acl"
http_access deny nobanners icq-begin
deny_info http://localhost/icq-begin.html icq-begin

acl icq-banner url_regex "/usr/local/etc/squid/icq-banner.acl"
http_access deny nobanners icq-banner
deny_info http://localhost/icq-banner.html icq-banner

icq-begin.html (saved in /var/www/html):
<html>
<body>
<table valign="center" halign="center" width=100% height=94% vspace=0 hspace=0>
<tr><td>
<center>Administration greets you!</center>
<br>
<center><b>Empty (No banner)</b></center>
</td></tr>
</table>
Web-page: <a href="http://www.your.site/">http://www.your.site</a>
</body>
</html>


icq-begin.acl (saved in /etc/squid):
web\.icq\.com/welcome


icq-banner.html (saved in /var/www/html):
<html>
<head>
<title>Welcome to ICQ 2000a </title>
</head>
<!-- "ICQWidth=150" "ICQHeight=55" -->
<body bgcolor="white">
<!-- Ate Windows options -->
<table width="100%" border="0">
<tr>
       <td align="CENTER" valign="MIDDLE">
           <!-- Icons and Banner -->
           <b><a href="mailto:" target="_new">Is ICQ necessary for your work? If not, then quit!</a><br><br>
           Administration</b>
           <!-- /// Icons and Banner -->
</table>
</body>
</html>

icq-banner.acl (saved in /etc/squid):
cdn\.icq\.com/client/ate/


At the end, when I restart squid, it gives me errors with deny_info. Can you tell me what can be wrong with this code?

Thanks man!

Title: Howto restrict icq via squid?
Post by: Ricky on March 17, 2004, 01:17:02 PM

Can u give me the link where u find the script.. ?

Title: Howto restrict icq via squid?
Post by: Timur on March 18, 2004, 04:03:35 AM

It's actually a russian site. I hope this will help.

http://pupkov.ru/unix/squid-acl.phtml

Title: Howto restrict icq via squid?
Post by: Ricky on March 18, 2004, 06:15:24 AM

The script is right.. Let me test myself then i will tell u!!

Title: Howto restrict icq via squid?
Post by: Timur on March 19, 2004, 07:09:11 AM

Ricky, did icq-banner blocker work?