[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Blocking Skype

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Blocking Skype
From: Andrew McGill <andrew2005@xxxxxxxxxxx>
Date: Mon, 14 Nov 2005 13:08:56 +0200 (SAST)

Polarizer wrote,

> > acl connect method CONNECT
> 
> This line is not necessary since standard squid.conf contains this line:
> 
> acl CONNECT method CONNECT
> 
> so simply use the uppercase version (squid does not check upper and lower case
> in acl names)
> 
> > # Apply your acls
> > http access deny connect numerics_IPs all
> 
> Respect :O) Two typos in just one line. With CONNECT mentioned above:
> 
> http_access deny CONNECT numeric_IPs all
> 
> instead of
> 
> http access deny connect numerics_IPs all
> 
> BTW: I'm sure, it will break a lot of other things but skype, too.

Allowing only authenticated web access blocks skype:

        acl PASSWORD proxy_auth REQUIRED
        http_access allow PASSWORD
        http_access deny all

Admittedly, this was the configuration, and it was impossible to 
*allow* skype.  Although Skype understands the concept of a proxy 
server, it doesn't understand the concept of authentication --or 
at least, when it really matters, it doesn't try to authenticate, 
very much like MSN messenger. NTLM auth would block it even 
harder, I suspect.

&:-)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Blocking Skype
  - From: Polarizer

Prev by Date: Re[2]: [Full-disclosure] Blocking Skype
Next by Date: Re: [Full-disclosure] Blocking Skype
Previous by thread: Re[2]: [Full-disclosure] Blocking Skype
Next by thread: Re: [Full-disclosure] Blocking Skype
Index(es):
- Date
- Thread