[squid-users] spotify blocked by squid

Jonathan Filogna jonathan.filogna at tasso.com.ar
Wed Jun 10 17:44:39 UTC 2015 

FYI access.log

1433958220.321    227 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4370 proxyvipstr DIRECT/127.0.0.1 -
1433958220.421      2 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4371 proxyvipstr DIRECT/127.0.0.1 -
1433958220.595      3 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4372 proxyvipstr DIRECT/127.0.0.1 -
1433958220.664      2 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4373 proxyvipstr DIRECT/127.0.0.1 -
1433958220.795      2 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4374 proxyvipstr DIRECT/127.0.0.1 -
1433958220.812      1 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4375 proxyvipstr DIRECT/127.0.0.1 -
1433958220.824      2 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4376 proxyvipstr DIRECT/127.0.0.1 -
1433958220.838      1 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4377 proxyvipstr DIRECT/127.0.0.1 -
1433958220.853      1 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4378 proxyvipstr DIRECT/127.0.0.1 -
1433958220.877      3 192.168.27.81 TCP_MISS/504 0 CONNECT
wevhbpyvhx.spotilocal.com:4379 proxyvipstr DIRECT/127.0.0.1 -


2015-06-10 14:39 GMT-03:00 Jonathan Filogna <jonathan.filogna at tasso.com.ar>:

> Hi all, it's me  again, just a simple question
>
> I've configured an squid 2.7 with ntlm auth and i want to let some AD
> users to listen spotify
>
> My problem is that spotify streaming is being blocked by squid to this
> group and idk why. Maybe another syntax problem?
>
> here's my squid.conf
>
>
> ###########################SQUID.CONF
>
> visible_hostname prana
>
> auth_param ntlm program /usr/bin/ntlm_auth
> --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5
> auth_param ntlm keep_alive on
>
>
> external_acl_type ntlm_group ttl=3600 children=100 %LOGIN /usr/lib/squid/
> wbinfo_group.pl
>
>
> acl porno url_regex -i "/etc/squid/listas/porno.lst"
> acl permitidos dstdomain -i "/etc/squid/listas/permitidos.lst"
> acl directo url_regex -i "/etc/squid/listas/direct.lst"
> acl vidyaud rep_mime_type -i "/etc/squid/listas/blockstr.lst"
> acl useragent browser -i "/etc/squid/blockejec/browser.lst"
> acl blockstr req_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
> acl blockejec url_regex -i "/etc/squid/blockejec/blockejec.lst"
> acl audyvid req_mime_type -i "/etc/squid/listas/blockstr.lst"
> acl blockstr2 rep_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
> acl destinolimitado dstdomain -i "/etc/squid/listas/limitado.lst"
>
> acl all src all
> acl CONNECT method CONNECT
> acl manager proto cache_object
> acl webserver src 192.168.8.121/255.255.255.255
> http_access allow manager webserver
> http_reply_access allow manager webserver
> http_access deny manager
>
> http_access deny porno all
> http_reply_access deny porno all
> acl uservipstr external ntlm_group "/etc/squid/listas/uservipstr.lst"
>
> http_access deny blockejec uservipstr
>
> http_access allow uservipstr
> http_reply_access allow uservipstr
>
> http_access deny blockstr !uservipstr all
> http_reply_access deny blockstr !uservipstr all
> http_access deny blockstr2 !uservipstr all
> http_reply_access deny blockstr2 !uservipstr all
> http_access deny audyvid !uservipstr all
> http_access deny vidyaud !uservipstr all
> http_reply_access deny audyvid !uservipstr all
> http_reply_access deny vidyaud !uservipstr all
>
> acl SSL_ports port 443 # https
> acl SSL_ports port 563 # snews
> acl SSL_ports port 873 # rsync
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl Safe_ports port 631 # cups
> acl Safe_ports port 873 # rsync
> acl Safe_ports port 901 # SWAT
> acl Safe_ports port 78 69 #Spotify
>
>
>
> # Deny requests to unknown ports
> #http_access allow Safe_ports
> http_access deny !Safe_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
>
> acl ntlm proxy_auth REQUIRED
> http_access allow ntlm
> http_reply_access allow ntlm
> http_access deny all
> http_reply_access deny all
>
> ###########
>
> thank you all
>
> --
> Jonathan Filogna
> It Senior
> Tasso SRL
> 4702 1910
>



-- 
Jonathan Filogna
It Senior
Tasso SRL
4702 1910
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150610/0f37e3bc/attachment-0001.html>

More information about the squid-users mailing list