Howto restrict icq via squid?

[Timur]

1. Can you tell me how to restrict icq access through squid?
2. Also, can you tell how to filter banners of icq?
3. Howto filter jpg and gif pictures by squid?


Thank you.

[Ricky]

Well to restrict ICQ u need to tell us that wht port exactly the ICQ use..

And if banners are images as u said jpg or gif then u can use following to block them

Code: [Select]

acl badURL url_regex -i gif jpeg
http_access deny badUrl
http_access allow myNet
http_access deny all
!!

[Timur]

Icq uses:
1. for login: login.icq.com and port 443
2. proxy settings: 192.168.0.88 port 3128 (squid)

[Ricky]

Hello..
the port 443 is used of https so we can't blcok.. otherwise it u will not able to open various others sites too.. so.. I suggest u to block all url containing the word icq..
So u can use above example with using icq instead of jpg or gif..

[Timur]

Thank you very much. One more think what does the option "-i" stands for in the script for blocking jpg and gif and icq?

[Timur]

Ricky, can you tell one thing. If I block jpg and gif pictures we use less traffic and hence pay less to our ISP than if you were not blocking pictures?

[Ricky]

" -i  " is used to make the url case-insensitive..

[Timur]

Ricky, can you tell one thing. If I block jpg and gif pictures we use less traffic and hence pay less to our ISP than if you were not blocking pictures?

[Ricky]

Ya it will reduce bandwidth .. but i think u should block .\swf$ also ie.. flash animations.. but ... u can use junkbuster instead of proxy if u need less bandwidth usage.. btw i hav not used junkbuster yet..

[Timur]

Ricky, do you have a script for squid.conf which can substitute banners in icq welcome-page and in the icq window with something else (with a banner developed by me)?

[Ricky]

Man.. I think I should see how ICQ work.. b'cause i have ICQ only once..

[Timur]

Ricky, I have a problem with connecting mIRC via squid. Can you tell me what settings to put in the mIRC in order to get it connected thru squid.

Thanks a lot in advance!

[Ricky]

man i have never used Mirc..
BTW.. if you are using transparent proxy then it will simply work without doing anything but if you are using proxy then u have to specify ports . so as squid use single port usually "3128" to do every thing then u have to enter 3128 as port and ip of squid machine as host.

[Timur]

Ricky, I have a problem with deny_info tag.
I found a script which blocks banners for icq and replace them with other banners. I did everything as was written:

acl nobanners src 0/0
acl icq-begin url_regex "/usr/local/etc/squid/icq-begin.acl"
http_access deny nobanners icq-begin
deny_info http://localhost/icq-begin.html icq-begin

acl icq-banner url_regex "/usr/local/etc/squid/icq-banner.acl"
http_access deny nobanners icq-banner
deny_info http://localhost/icq-banner.html icq-banner

icq-begin.html (saved in /var/www/html):
<html>
<body>
<table valign="center" halign="center" width=100% height=94% vspace=0 hspace=0>
<tr><td>
<center>Administration greets you!</center>
<br>
<center><b>Empty (No banner)</b></center>
</td></tr>
</table>
Web-page: <a href="http://www.your.site/">http://www.your.site</a>
</body>
</html>


icq-begin.acl (saved in /etc/squid):
web\.icq\.com/welcome


icq-banner.html (saved in /var/www/html):
<html>
<head>
<title>Welcome to ICQ 2000a </title>
</head>
<!-- "ICQWidth=150" "ICQHeight=55" -->
<body bgcolor="white">
<!-- Ate Windows options -->
<table width="100%" border="0">
<tr>
       <td align="CENTER" valign="MIDDLE">
           <!-- Icons and Banner -->
           <b><a href="mailto:" target="_new">Is ICQ necessary for your work? If not, then quit!</a><br><br>
           Administration</b>
           <!-- /// Icons and Banner -->
</table>
</body>
</html>

icq-banner.acl (saved in /etc/squid):
cdn\.icq\.com/client/ate/


At the end, when I restart squid, it gives me errors with deny_info. Can you tell me what can be wrong with this code?

Thanks man!

[Ricky]

Can u give me the link where u find the script.. ?