Squid : Skype Access Controls

最新推荐文章于 2019-11-04 11:21:50 发布

u014461454

最新推荐文章于 2019-11-04 11:21:50 发布

阅读量624

点赞数

分类专栏： LINUX

本文链接：https://blog.csdn.net/hawht/article/details/22684453

版权

LINUX 专栏收录该内容

212 篇文章 0 订阅

订阅专栏

来自： http://wiki.squid-cache.org/ConfigExamples/Chat/Skype

Skype Access Controls

Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.

Squid Configuration File

Configuration file to Include:

Since FTP uses numeric IPs the Skype ACL must be exact including the port.

Blocking

# Skype

acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443

acl Skype_UA browser ^skype^

http_access deny numeric_IPS

http_access deny Skype_UA

Recent releases of Skype have been evading the above restriction by not sending their User-Agent headers and using domain names. The following can be used to catch those installs, but be aware it will likely also catch other agents.

acl validUserAgent browser \S+

http_access deny !validUserAgent

Permitting

This needs to be done before any restrictive CONNECT http_access controls.

acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443

acl Skype_UA browser ^skype^

http_access allow CONNECT localnet numeric_IPS Skype_UA

Note that Skype prefers the port 443 which is by default enabled in Squid anyway so this configuration is only needed when you block HTTPS access through the proxy.