Problem Blocking Live streaming & U tube

Taking care of your Linux box.
asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar

Postby asadsq » Sat Mar 22, 2008 11:38 am

AOA,

I am a system administrator in a Govt-based educational institute. Our current bandwidth is 640K CIR from a private ISP. I am using Clark Connect (www.clarkconnect.com) for proxy, report generation & firewall. It uses Squid for the proxy.
As this is an educational institute, we don't need live streaming of any live channel (like Geo TV etc.) or any other video-based site like Utube.com or metacafe.com.
I tried a lot to block all the possible extensions used by different programs, like
.flv
.wma
.wmp
.f4a
.f4b
.mms
.mpeg
.mpeg2
.mpeg4
.qt
.ra
.ram
.swf
.wvx
but still no effect

Apart from that following MIME were also blocked

application/asx
application/octet-stream
application/realplay
application/sdp
application/x-director
application/x-drm
application/x-drm-v2
application/x-mplayer2
application/x-ms-wmd
application/x-ms-wmp
application/x-ms-wmz
application/x-mtx
application/x-rtsp
application/x-sdp
application/x-shockwave-flash
application/x-vlc-plugin
application/x-xvlplayer
audio/3gpp
audio/3gpp2
audio/x-pn-realaudio
video/3gpp
video/3gpp2
video/avi
video/divx
video/mp4
video/mpeg
video/msvideo
video/quicktime
video/x-dv
video/x-mpeg
video/x-ms-asf
video/x-ms-asf-plugin
video/x-ms-wm
video/x-ms-wmv
video/x-ms-wmx
video/x-ms-wvx
video/acorn-replay
video/mpeg
video/msvideo
video/quicktime
video/x-mpeg2
video/x-msvideo

but result was same (live streaming as well as real time video playing is still going on)

So after 2 weeks of research I got nothing; that's why I contacted this forum as a last option.

So help is required in this scenario
Plz plz plz do reply me

Regards
Asad Siddiqui
Asad Zia Siddiqui
Peshawar

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Postby x2oxen » Sat Mar 22, 2008 3:29 pm

Post the squid rules you are using for blocking these!
Muhammad Usman
+92-321-6640501
Chemonics International
http://usmanpk.com

asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar

Postby asadsq » Sat Mar 22, 2008 4:10 pm

AOA Brother,

Bro, usually all configurations are done through its GUI interface & 90% of configurations are done through it. So that's why my squid.conf has no reflection of all this configuration.
So I am unable to post the ACLs.
However, if there is any server, I can upload those pages in which I have made these configurations.
If not, then please tell me how I can do both of these restrictions?

Asad
Asad Zia Siddiqui

Peshawar

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Postby lambda » Sun Mar 23, 2008 12:51 am

go to pages.google.com, and create a site. upload your configs to the site and post the link here.

alternatively, go to docs.google.com, paste the configs into a document (or two), and post the links here.
Watch out for the !
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar

Postby asadsq » Mon Mar 24, 2008 9:55 am

Asad Zia Siddiqui

Peshawar

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore

Postby lambda » Mon Mar 24, 2008 10:50 am

Watch out for the !
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Postby x2oxen » Mon Mar 24, 2008 11:10 am

Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com

asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar

Postby asadsq » Mon Mar 24, 2008 1:27 pm

thx bro,
I have applied that access list but still the same result :roll:
However, I am sending you my main squid configuration

http_port 8080

# webconfig: http_port_start
http_port 192.168.0.1:3128
http_port 127.0.0.1:3128
# webconfig: http_port_end

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


maximum_object_size 102400 KB
cache_dir ufs /var/spool/squid 1024 16 256

redirect_program /usr/sbin/adzapper

redirect_children 10

auth_param ntlm children 15
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 2 minutes
auth_param ntlm use_ntlm_negotiate on
#auth_param basic program <uncomment and complete this line>
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "dc=clarkconnect,dc=lan" -f "(&(objectClass=pcnProxyAccount)(uid=%s))" -h 127.0.0.1 -D "cn=manager,cn=internal,dc=clarkconnect,dc=lan" -W /etc/squid/ldap.conf -s one -v 3 -U pcnProxyPassword -d
auth_param basic children 5
auth_param basic realm ClarkConnect Community Edition - Web Proxy
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320


acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.0/8
# webconfig: acl_start
acl webconfig_lan src 192.168.0.0/24
acl webconfig_to_lan dst 192.168.0.0/24
# webconfig: acl_end
acl to_localhost dst 127.0.0.0/8
#acl password proxy_auth REQUIRED
acl password proxy_auth REQUIRED
acl privoxy dstdomain config.privoxy.org
acl SSL_ports port 443 563
acl SSL_ports port 81 10000
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 81 82 83 10000 # Web-based administration tools
acl CONNECT method CONNECT
acl pcntime-New time MTWHFA 05:15-23:15
acl pcngroup-Deny arp 00:30:4F:2D:8F:93 00:18:6E:80:EB:40 00:16:E0:AF:C6:40 00:02:A5:2B:B1:09 00:02:A5:0F:0F:6F 00:50:FC:88:9B:D6 00:18:6E:80:E7:C0 00:1D:09:12:BA:E2

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports


acl our_networks src 192.168.0.0/24 192.168.1.0/24 192.168.2.0/24
acl pcngroup-MOre src 192.168.1.1-192.168.1.250 192.168.2.1-192.168.2.250
acl pcntime-More time SMTWHFA 01:00-23:00
acl pcngroup-IPBlock src 192.168.1.125 192.168.0.215
acl block rep_mime_type video/flv .flv
http_access allow our_networks


# And finally deny all other access to this proxy

http_reply_access deny block
http_access deny privoxy
http_access allow localhost
http_access deny pcngroup-Deny pcntime-New
http_access deny pcngroup-IPBlock !pcntime-More
http_access allow pcngroup-MOre pcntime-New
http_access allow webconfig_to_lan
http_access allow webconfig_lan
http_access deny all

http_reply_access allow all

icp_access allow all

reply_body_max_size 52428800 allow all


httpd_accel_host virtual
httpd_accel_port 80

error_directory /etc/squid/errors


Plz now suggest me something in order to block these live streaming as well as online video viewing sites

Regards
Asad Siddiqui
Asad Zia Siddiqui

Peshawar

irfanbhatti
Havaldaar
Posts: 145
Joined: Fri Jun 03, 2005 12:19 pm
Location: Rawalpindi Islamabad

Postby irfanbhatti » Mon Mar 24, 2008 4:40 pm

mime.conf
\.flv$ flash/movie anthony-movie.gif - image +download
squid.conf
acl block rep_mime_type video/flv
http_reply_access deny block

It works for me
Last edited by irfanbhatti on Mon Mar 24, 2008 5:55 pm, edited 2 times in total.
Muhammad Irfan
03335246272

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Postby x2oxen » Mon Mar 24, 2008 4:53 pm

Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com

asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar

Postby asadsq » Tue Mar 25, 2008 9:23 am

Asad Zia Siddiqui

Peshawar

x2oxen
Major General
Posts: 1114
Joined: Wed Aug 22, 2007 3:17 pm
Location: Faisalabad

Postby x2oxen » Tue Mar 25, 2008 11:37 am

Muhammad Usman

+92-321-6640501

Chemonics International

http://usmanpk.com

irfanbhatti
Havaldaar
Posts: 145
Joined: Fri Jun 03, 2005 12:19 pm
Location: Rawalpindi Islamabad

Postby irfanbhatti » Tue Mar 25, 2008 11:48 am

Muhammad Irfan

03335246272

asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar

Postby asadsq » Tue Mar 25, 2008 12:22 pm

No Bro,
I am not using a transparent proxy; I have disabled this feature & users have to enter the IP & port in the browser in order to have browsing services.
& X2Oxen & Irfan
still, after applying the mime & acl, there is still a problem & I am still able to browse.

Settings are
squid.conf
acl block rep_mime_type video/flv
http_reply_access deny block
http_access allow our_networks

mime.conf

\.flv$ flash/movie anthony-movie.gif - image +download

Plz help me now
n thx for ur replies
Asad Zia Siddiqui

Peshawar

asadsq
Lance Naik
Posts: 48
Joined: Fri Feb 22, 2008 3:10 pm
Location: Peshawar

Postby asadsq » Tue Mar 25, 2008 3:37 pm

Also applied the instructions according to the mentioned site

http://wiki.squid-cache.org/KnowledgeBa ... gMimeTypes

still no luck

Sites are opening; when movies are clicked, sometimes it works & sometimes not. I don't know if it's because of bandwidth or due to the ACL
Asad Zia Siddiqui

Peshawar
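
An added example, not part of any poster's reply and not ClarkConnect or Squid code: a small Python model of how the `rep_mime_type` ACLs posted in this thread are evaluated, treating each value as a regular expression searched in the reply's Content-Type and letting the first matching `http_reply_access` rule decide. The Content-Type samples are constructed, the function names are hypothetical, and `all` is assumed to match every reply as in the posted `acl all src 0.0.0.0/0.0.0.0`.

```python
import re

# ACL lines as posted in the thread: the first squid.conf, then the later one.
CONF_FIRST = """acl block rep_mime_type video/flv .flv
http_reply_access deny block
http_reply_access allow all"""
CONF_LATER = """acl block rep_mime_type video/flv
http_reply_access deny block
http_reply_access allow all"""

# Constructed sample reply headers (not captured from any real site).
SAMPLES = ["video/flv", "video/x-flv", "application/octet-stream", "text/html"]

def parse(conf):
    """Collect rep_mime_type ACLs and the ordered http_reply_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "rep_mime_type":
            flags = re.I if "-i" in tok[3:] else 0
            acls.setdefault(tok[1], []).extend(
                re.compile(p, flags) for p in tok[3:] if p != "-i")
        elif len(tok) >= 3 and tok[0] == "http_reply_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_hit(name, acls, ctype):
    """True if the (possibly !negated) ACL matches this Content-Type."""
    base = name.lstrip("!")
    hit = base == "all" or any(p.search(ctype) for p in acls.get(base, []))
    return hit != name.startswith("!")

def reply_verdict(conf, ctype):
    """The first rule whose ACLs all match decides the reply."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_hit(n, acls, ctype) for n in names):
            return action
    # No rule matched: Squid falls back to the opposite of the last rule.
    return "deny" if rules and rules[-1][0] == "allow" else "allow"

def report():
    """Map each sample Content-Type to (first config, later config) verdicts."""
    return {c: (reply_verdict(CONF_FIRST, c), reply_verdict(CONF_LATER, c))
            for c in SAMPLES}

if __name__ == "__main__":
    for ctype, (first, later) in report().items():
        print(f"{ctype:26} first={first:5} later={later}")
```

Feeding it the content types recorded in Squid's access.log shows which replies a given pattern would still let through.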

