<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
-----BEGIN PGP SIGNED MESSAGE----- <br>
Hash: SHA256 <br>
<br>
Just for information:<br>
<br>
<a class="moz-txt-link-freetext" href="http://pastebin.com/dBYV9Zzb">http://pastebin.com/dBYV9Zzb</a><br>
<br>
Here is completely actual Cisco NBAR filtering capabilities from one
of my front 2901 with IOS 15.5 + actual NBAR2 protocol pack.<br>
<br>
Just take a look. You can see there P2P, Torrents, FB, YT,
etc.etc.etc.<br>
<br>
Not as Squid's antagonist - but just as attitional tools to filter.<br>
<br>
Note: Cisco also has time-based ACL's.<br>
<br>
05.05.16 3:28, Yuri Voinov пишет:<br>
<span style="white-space: pre;">><br>
> Finally,<br>
><br>
> read this thread too:<br>
><br>
> <a class="moz-txt-link-freetext" href="http://www.spinics.net/lists/squid/msg81113.html">http://www.spinics.net/lists/squid/msg81113.html</a><br>
><br>
> Some questions already answered here.<br>
><br>
> 05.05.16 3:26, Yuri Voinov пишет:<br>
><br>
><br>
> > As a part of solution I recommend (by my own
experience)<br>
> consider to use this:<br>
><br>
><br>
><br>
> >
<a class="moz-txt-link-freetext" href="https://www.urlfilterdb.com/products/ufdbguard.html">https://www.urlfilterdb.com/products/ufdbguard.html</a><br>
><br>
><br>
><br>
> > But I repeat: this is NOT magic button "Disable
all". This is<br>
> relatively effective tool to block categories.<br>
><br>
><br>
><br>
> > This is only URL/HTTP based tool, which required
some more<br>
> forces to use it with HTTPS.<br>
><br>
> > And this can't be other means to replace when it
comes to<br>
> other protocols.<br>
><br>
><br>
><br>
> > Squid is only HTTP/HTTPS proxy. Not at all
existing<br>
> protocols.<br>
><br>
><br>
><br>
> > 05.05.16 3:18, Yuri Voinov пишет:<br>
><br>
><br>
><br>
><br>
><br>
> > > Generally, for effective blocking of
everything<br>
> better design<br>
><br>
> > would first consider - as everyone and
everything is<br>
> engeneered,<br>
><br>
><br>
><br>
> > > and then look for the magic button "to
disable all<br>
> to hell."<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > Then it becomes clear what is possible
and what<br>
> means - and<br>
><br>
> > what is not.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > Especially P2P - this is at all not
about Squid.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > 05.05.16 3:11, Yuri Voinov пишет:<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > Facebook uses Akamai as
background CDN,<br>
> so you<br>
><br>
> > need to block<br>
><br>
><br>
><br>
> > > Akamai (related URL's, which can
be<br>
> difficult, so<br>
><br>
> > consider to use<br>
><br>
><br>
><br>
> > > Cisco NBAR DPI functionality).
too in case<br>
> to<br>
><br>
> > completely block FB.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > YT still uses QUIC/SPDY, so
read this<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
>
<a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol">http://wiki.squid-cache.org/KnowledgeBase/Block%20QUIC%20protocol</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > About P2P/Torrents said
enough here<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > ><br>
><br>
><br>
>
<a class="moz-txt-link-freetext" href="http://wiki.squid-cache.org/ConfigExamples/TorrentFiltering">http://wiki.squid-cache.org/ConfigExamples/TorrentFiltering</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > Note: Using Cisco NBAR
required valid<br>
> service<br>
><br>
> > contract.<br>
><br>
><br>
><br>
> > > Protocol packs is not lying at
all angles,<br>
> and are<br>
><br>
> > updated<br>
><br>
><br>
><br>
> > > monthly.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > 05.05.16 3:04, Maile
Halatuituia пишет:<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > > Someone with
ideas on how<br>
> to block<br>
><br>
><br>
><br>
> > > Facebook,Youtube, P2P<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > Traffic though my
squid box.<br>
> Facebook seems<br>
><br>
> > to be<br>
><br>
><br>
><br>
> > > working but<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > likely some users
bypass to<br>
> youtube.com and<br>
><br>
> > the rest<br>
><br>
><br>
><br>
> > > are blocked.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > Also am looking to
block P2P<br>
> traffic , BITS<br>
><br>
> > proticols,<br>
><br>
><br>
><br>
> > > etc etc<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > > Cheers<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > > Confidentiality
Notice: This<br>
> email<br>
><br>
> > (including any<br>
><br>
><br>
><br>
> > > attachment)<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > is intended for
internal use<br>
> only. Any<br>
><br>
> > unauthorized<br>
><br>
><br>
><br>
> > > use,<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > dissemination or
copying of the<br>
> content is<br>
><br>
> > prohibited.<br>
><br>
><br>
><br>
> > > If you are<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > not the intended
recipient and<br>
> have received<br>
><br>
> > this<br>
><br>
><br>
><br>
> > > e-mail in error,<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > please notify the
sender by email<br>
> and delete<br>
><br>
> > this email<br>
><br>
><br>
><br>
> > > and any<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > attachment.<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > ><br>
><br>
> >
_______________________________________________<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > > squid-users
mailing list<br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > ><br>
> <a class="moz-txt-link-abbreviated" href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
> > > > ><br>
><br>
> >
<a class="moz-txt-link-freetext" href="http://lists.squid-cache.org/listinfo/squid-users">http://lists.squid-cache.org/listinfo/squid-users</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
></span><br>
<br>
-----BEGIN PGP SIGNATURE-----
<br>
Version: GnuPG v2
<br>
<br>
iQEcBAEBCAAGBQJXKmzYAAoJENNXIZxhPexGPB4H/1YUfoeFVgVChaD1qj/8EEhE
<br>
apmfM15P+5Aia3qJQLWCMTTgnA206sj8KglnxBWPS/LsC+kMEFW/d62W2BAH9POv
<br>
xDfsZ/qn4N2YbiKbqa+2ul3lY2OGCEb3nZY/ZiRy9JBfK+vrh3ZArcapEuWwMrKw
<br>
mDqC/EAtbaWvJz+m/zy1mPCfOHEe59N1CV/PZuqOp20a4KsISLxvWXEyTZ2vXt9a
<br>
P2DDhl1+VeTE48NSv8p8WB6Aam7tdp3wxpN8mMubMhOYs6Bf+KOHEZmKm25ZrpgE
<br>
4WVXbO3OBb3Zs73tF1LKmu3p/Hm46AUn733NDPFI9+CUp3QxN0QYdh1C23H8GYA=
<br>
=aCxH
<br>
-----END PGP SIGNATURE-----
<br>
<br>
</body>
</html>