Full Disclosure mailing list archives

Re: Blocking Skype

From: Andrew McGill <andrew2005 () ledge co za>
Date: Mon, 14 Nov 2005 13:08:56 +0200 (SAST)

Polarizer wrote,

acl connect method CONNECT


This line is not necessary since standard squid.conf contains this line:

acl CONNECT method CONNECT

so simply use the uppercase version (squid does not check upper and lower case
in acl names)

# Apply your acls
http access deny connect numerics_IPs all


Respect :O) Two typos in just one line. With CONNECT mentioned above:

http_access deny CONNECT numeric_IPs all

instead of

http access deny connect numerics_IPs all

BTW: I'm sure, it will break a lot of other things but skype, too.


Allowing only authenticated web access blocks skype:

        acl PASSWORD proxy_auth REQUIRED
        http_access allow PASSWORD
        http_access deny all

Admittedly, this was the configuration, and it was impossible to 
*allow* skype.  Although Skype understands the concept of a proxy 
server, it doesn't understand the concept of authentication --or 
at least, when it really matters, it doesn't try to authenticate, 
very much like MSN messenger. NTLM auth would block it even 
harder, I suspect.

&:-)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Blocking Skype dsluser (Nov 13)
- RE: Blocking Skype Aditya Deshmukh (Nov 13)
- Re: Blocking Skype Kevin (Nov 14)
- <Possible follow-ups>
- Re: Blocking Skype Polarizer (Nov 14)
  - Re[2]: Blocking Skype phased (Nov 14)
  - Re: Blocking Skype Andrew McGill (Nov 14)
  - Re: Blocking Skype Peter van den Heuvel (Nov 14)
  - Message not available
    - Re: Blocking Skype Polarizer (Nov 14)
- Blocking Skype dsluser (Nov 14)