[squid-users] spotify blocked by squid

Jonathan Filogna jonathan.filogna at tasso.com.ar
Wed Jun 10 17:39:06 UTC 2015


Hi all, it's me  again, just a simple question

I've configured an squid 2.7 with ntlm auth and i want to let some AD users
to listen spotify

My problem is that spotify streaming is being blocked by squid to this
group and idk why. Maybe another syntax problem?

here's my squid.conf


###########################SQUID.CONF

visible_hostname prana

auth_param ntlm program /usr/bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5
auth_param ntlm keep_alive on


external_acl_type ntlm_group ttl=3600 children=100 %LOGIN /usr/lib/squid/
wbinfo_group.pl


acl porno url_regex -i "/etc/squid/listas/porno.lst"
acl permitidos dstdomain -i "/etc/squid/listas/permitidos.lst"
acl directo url_regex -i "/etc/squid/listas/direct.lst"
acl vidyaud rep_mime_type -i "/etc/squid/listas/blockstr.lst"
acl useragent browser -i "/etc/squid/blockejec/browser.lst"
acl blockstr req_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
acl blockejec url_regex -i "/etc/squid/blockejec/blockejec.lst"
acl audyvid req_mime_type -i "/etc/squid/listas/blockstr.lst"
acl blockstr2 rep_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
acl destinolimitado dstdomain -i "/etc/squid/listas/limitado.lst"

acl all src all
acl CONNECT method CONNECT
acl manager proto cache_object
acl webserver src 192.168.8.121/255.255.255.255
http_access allow manager webserver
http_reply_access allow manager webserver
http_access deny manager

http_access deny porno all
http_reply_access deny porno all
acl uservipstr external ntlm_group "/etc/squid/listas/uservipstr.lst"

http_access deny blockejec uservipstr

http_access allow uservipstr
http_reply_access allow uservipstr

http_access deny blockstr !uservipstr all
http_reply_access deny blockstr !uservipstr all
http_access deny blockstr2 !uservipstr all
http_reply_access deny blockstr2 !uservipstr all
http_access deny audyvid !uservipstr all
http_access deny vidyaud !uservipstr all
http_reply_access deny audyvid !uservipstr all
http_reply_access deny vidyaud !uservipstr all

acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 78 69 #Spotify



# Deny requests to unknown ports
#http_access allow Safe_ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

acl ntlm proxy_auth REQUIRED
http_access allow ntlm
http_reply_access allow ntlm
http_access deny all
http_reply_access deny all

###########

thank you all

-- 
Jonathan Filogna
It Senior
Tasso SRL
4702 1910
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150610/a7eaf10d/attachment.html>


More information about the squid-users mailing list