Re: [squid-users] miranda

From: Peter Marshall <peter.marshall@dont-contact.us>
Date: Mon, 27 Mar 2006 09:36:39 -0400

As far as actual server setup .. we have an internal firewall that does
not route to anything that I do not set up by hand. The proxy is a
standalone box in the DMZ, and then we have an external firewall.

internal - :firewall:| DMZ - Proxy - |:external Firewall:| Web

Peter Marshall wrote:
> http_port 192.168.1.254:8080
> http_port 127.0.0.1:8082
> http_port a.b.c.5:8081
> icp_port 0
> #http_port 8080
> #snmp_port 3401
> #snmp_port 161
> cache_mem 256 MB
> cache_dir ufs /usr/local/squid/var/cache 8000 16 256
> debug_options ALL,1 33,2
> emulate_httpd_log on
> forwarded_for off
>
> acl public snmp_community public
>
> acl all src 0.0.0.0/0.0.0.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl caris_int src 192.168.200.0/255.255.248.0
> acl caris_dmz src a.b.c.0/255.255.255.192
>
> acl admin_lst src 192.168.202.73/32 192.168.200.122/32
> acl admin_lst2 src 192.168.202.73/32 192.168.202.75/32 192.168.201.26/32
> acl ALLOW_WIN_UP src 192.168.200.3/32 192.168.202.3/32 192.168.202.90 192.168.200.32 192.168.200.10 192.168.200.23 192.168.200.122 205.174.164.51 192.168.201.65 192.168.201.77 192.168.201.106
>
> acl forcerobak src 192.168.100.0/24 205.174.164.50/32
> acl aca src 192.168.90.0/24
>
> acl Safe_ports port 21 80 88 443 563 2095 3915 4500 7778 8000 8020 8070 8090 8080 8081 8087 8096 8030 8194 8585 8765 8988 9000 9443 16080 19638
> #acl Safe_ports port 21 80 443 563 8080 8081 8030 1025-65535
>
> http_access allow localhost
> acl manager proto cache_object
> http_access allow manager localhost
>
> acl PURGE method PURGE
> http_access allow PURGE localhost
> http_access deny PURGE
>
> acl snmpServer src 192.168.202.73/32
>
> acl ICQ url_regex -i .icq.com
> acl MSN req_mime_type ^application/x-msn-messenger$
> acl STREAM rep_mime_type ^application/octet-stream$
> acl YAHOO url_regex .msg.yahoo.com
> acl CHAT url_regex -i webmessenger .webmessenger .messenger.* messenger.yahoo gateway.dll messenger.msn mirc icq.com go.icq miranda-im.org
> acl DICT url_regex -i dictionary.reference.com
> acl MICROSOFT url_regex -i .windowsupdate
> acl banned_types url_regex -i .mpeg$ .mpg$ .avi$ .wmv$ .mp3$ \.rm$ .asf$ .wma$ \.ram$ \.aif$ \.ra$ .asx$
> # acl banned_types2 url_regex -i .mpeg* .mpg* .avi* .wmv* .mp3* .rm* .asf* .wma* .ram* .aif* .ra* .asx*
> acl INTERNAL url_regex caris.priv
> acl VIRUS url_regex -i genmexe.biz
> acl TROJAN url_regex -i gookle
> acl WEBMSN url_regex -i .webmessenger.msn.com
> acl EMESS url_regex -i .e-messenger.net .webmessenger.msn.com/* iloveim.com
> acl TALK url_regex -i .google.com/talk talk.google.com .google.com/talk* .google.*/talk*
> acl WEB1 url_regex -i .caris.com/* .caris.com
> acl GTALK url_regex -i .google.com/mail/im/* .google.com/mail/channel/bind .google.com/mail/channel/bind/*
> acl GTALK_FIX url_regex -i .google.com/mail/images/*
>
> snmp_access deny !snmpServer
>
> http_access allow GTALK_FIX all
> http_access deny GTALK all
>
> # http_access deny block_user
>
> # http_access allow !Safe_ports admin_lst
> http_access allow !Safe_ports forcerobak
> http_access deny !Safe_ports
>
> http_access deny TROJAN
>
> ## Do not want to block searches of words
> ## ex, besmirch has mirc in it.
> http_access allow DICT all
>
> http_access allow CHAT admin_lst
> http_access allow YAHOO forcerobak
> http_access allow ICQ forcerobak
> http_access allow TALK forcerobak
> http_access allow MSN forcerobak
> http_access allow WEBMSN forcerobak
> http_access allow CHAT forcerobak
>
> http_access allow WEBMSN admin_lst2
> http_access allow MSN admin_lst
> http_access allow TALK admin_lst
>
> http_access allow ICQ admin_lst
> http_access allow MSN aca
> http_access allow ICQ aca
>
> http_access deny MSN
> http_access deny ICQ
> http_access deny YAHOO
> http_access deny CHAT
> http_access deny VIRUS
> http_access deny WEBMSN
> http_access deny EMESS
> http_access deny TALK
>
> # http_reply_access allow STREAM admin_lst
> #http_reply_access deny STREAM
>
> http_access allow MICROSOFT admin_lst
> http_access allow MICROSOFT forcerobak
> http_access allow MICROSOFT aca
> http_access allow MICROSOFT ALLOW_WIN_UP
> http_access deny MICROSOFT
>
> http_access allow banned_types admin_lst
> http_access deny banned_types
>
> http_access allow forcerobak
> http_access allow aca
> http_access allow admin_lst
> http_access allow caris_int
> http_access allow caris_dmz
>
> http_access deny all
>
> Nikos Zaharioudakis wrote:
>
>> On 3/24/06, Peter Marshall <peter.marshall@caris.com> wrote:
>>
>>> I am trying to figure out how some users are using Miranda to get past
>>> my squid rules. Normally, msn, icq, gtalk, yahoo messenger, etc. will
>>> not work; however, a few users have figured out how to get around this,
>>> and I have not been able to figure out how.
>>>
>>> Does anyone have any suggestions ?
>>>
>>> Thanks
>>>
>>
>>
>> Would you mind telling us a little more about the current network topology
>> and internet connection?
>> Or perhaps your squid rules, to see what is going on.
>>
>>
>> Best regards,
>> --
>> ########################################3
>> Zaharioudakis Nikos
>> mob: +30 6947204063
>> A: Because it messes up the order in which people normally read text.
>> Q: Why is top-posting such a bad thing?
>> A: Top-posting.
>> Q: What is the most annoying thing on usenet and in e-mail?
Received on Mon Mar 27 2006 - 06:36:07 MST
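
An added example, not part of the original thread: a small audit of how the posted `url_regex` ACLs and the first-match `http_access` order behave, following the config comment about words that contain "mirc". The patterns are copied from the posted config; the rule list is a subset in the posted order, the URLs are constructed, and Python's `re` stands in for Squid's regex library as an assumption.

```python
import re

# url_regex -i patterns copied from the posted squid.conf (unanchored).
ACLS = {
    "DICT": ["dictionary.reference.com"],
    "ICQ": [".icq.com"],
    "CHAT": ["webmessenger", ".webmessenger", ".messenger.*",
             "messenger.yahoo", "gateway.dll", "messenger.msn", "mirc",
             "icq.com", "go.icq", "miranda-im.org"],
}

# Subset of the posted http_access lines, same relative order.
# Every ACL named on a line must match for the line to apply.
RULES = [
    ("allow", ["DICT", "all"]),
    ("allow", ["CHAT", "admin_lst"]),
    ("deny", ["ICQ"]),
    ("deny", ["CHAT"]),
    ("allow", ["caris_int"]),
    ("deny", ["all"]),
]

def acl_hits(name, url):
    """Patterns of a url_regex ACL that match anywhere in the URL."""
    return [p for p in ACLS[name] if re.search(p, url, re.IGNORECASE)]

def decide(url, src_acls):
    """Return the first http_access line that matches (first match wins)."""
    src = set(src_acls) | {"all"}
    for action, names in RULES:
        if all(acl_hits(n, url) if n in ACLS else n in src for n in names):
            return action, names
    return "deny", ["(no rule matched)"]

# Constructed sample requests: (URL, src ACLs the client address falls in).
SAMPLES = [
    ("http://dictionary.reference.com/search?q=besmirch", ["caris_int"]),
    ("http://www.example.com/search?q=besmirch", ["caris_int"]),
    ("http://www.example.com/musicqacom/", ["caris_int"]),
    ("http://example.org/index.html", ["caris_int"]),
]

if __name__ == "__main__":
    for url, src in SAMPLES:
        action, rule = decide(url, src)
        print(f"{action:5} by {' '.join(rule):12} {url}")
```

The second and third samples are false positives: the DICT exception covers one site only, and the unescaped dots in `.icq.com` match any character, so unrelated URLs are denied.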
