LinuxQuestions.org
Old 08-03-2009, 08:34 AM   #1
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Gurgaon, India
Distribution: Cent OS 6/7
Posts: 4,631

Rep: Reputation: Disabled
Block Gtalk messenger using squid or iptables on RHEL5


Hello all,

Some time ago my CentOS squid server crashed due to old hardware, so I wanted to put in a new one. I did not have CentOS, so I put in RHEL5, with squid working well in transparent mode.

Now I want to block the Gtalk messenger application. I had done this earlier by blocking port 5222 in iptables, but it was Pidgin then.
This rule does not work for Gtalk messenger.

I tried blocking several ports but none of them is working. Finally I blocked all the ports after 1024 in disgust, but as expected the internet also stopped, as 3128 was closed. I have blocked as many sites and URLs related to gtalk as I could without hampering the internet and work.

Now is there any way of blocking the gtalk application from squid? Or any tool available for Linux that will do that?

Is there any way squid will know how gtalk authenticates? Or is there any way squid will know if packets are coming from a certain application? I seem to have read on the net that browsing using IE can be blocked. So it is possible to detect which browser is running. Can a similar thing be done using squid or some external tool?
 
Old 08-04-2009, 01:57 AM   #2
linuxlover.chaitanya
I have found that safesquid and for that matter even MS ISA server have the ability to block the access with User-Agent. But squid does not seem to have this functionality.
Right now I am running Squid Version 2.6.STABLE6.
Will check with the newer version if there are some other functionalities added.
I tried to use external_acl for User-Agent but it seems squid is unable to see it for google talk though I can see it in log files.
Is there any other method for blocking squid other than through user-agent?
 
Old 08-05-2009, 05:05 AM   #3
linuxlover.chaitanya
Now I kept trying without success.
I tried http_reply_access without any success.
Then req_header. The log file shows the request to be denied but I can still log in with gtalk messenger.

This is the request header that I can see in the log file.
Code:
Connection:%20Keep-Alive%0d%0aContent-Length:%200%0d%0aHost:%20filetransferenabled.mail.google.com%0d%0aUser-Agent:%20Google%20Talk%0d%0a
And this is the acl in squid file. I am doubting my regular expression for comparing the User Agent. Can anyone help with the regular expression so that it matches google talk anywhere in the user agent field even with some trailing or succeeding characters?

Code:
acl gtalk_ban req_header User-Agent -i .Google .Google\ Talk .%20Google%20Talk%0d%0a
Sorry I am bad with regex.
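
An added example, not part of the original post and not Squid's own code: it decodes the logged header from post #3 and tests each pattern of the posted acl against the User-Agent value. It assumes that Squid matches req_header patterns against the decoded header value and splits the acl line on whitespace, and it uses Python's re as a stand-in for Squid's regex library.

```python
import re
from urllib.parse import unquote

# Constructed from the two "Code:" lines in the post above.
LOGGED = ("Connection:%20Keep-Alive%0d%0aContent-Length:%200%0d%0a"
          "Host:%20filetransferenabled.mail.google.com%0d%0a"
          "User-Agent:%20Google%20Talk%0d%0a")
ACL = r"acl gtalk_ban req_header User-Agent -i .Google .Google\ Talk .%20Google%20Talk%0d%0a"


def decode_logged_headers(logged):
    """Undo the log's percent-encoding and split into {name: value}."""
    headers = {}
    for line in unquote(logged).split("\r\n"):
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def acl_patterns(acl_line):
    """Assumption: the config line is split on whitespace, so a
    backslash does not keep 'Google\\ Talk' together as one pattern."""
    tokens = acl_line.split()
    return [t for t in tokens[4:] if t != "-i"]


def check(pattern, value):
    """Return 'match', 'no match' or 'invalid' for one pattern."""
    try:
        found = re.search(pattern, value, re.IGNORECASE)
    except re.error:
        return "invalid"
    return "match" if found else "no match"


def report(logged=LOGGED, acl_line=ACL):
    ua = decode_logged_headers(logged)["user-agent"]
    return ua, {p: check(p, ua) for p in acl_patterns(acl_line)}


if __name__ == "__main__":
    ua, results = report()
    print("User-Agent value:", repr(ua))
    for pattern, outcome in results.items():
        print(f"{pattern!r:32} -> {outcome}")
    # A pattern with no leading '.' and '.' in place of the space:
    print("'Google.Talk' ->", check("Google.Talk", ua))
```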
 
Old 08-07-2009, 12:41 AM   #4
linuxlover.chaitanya
Well, the same acl works with the User-Agent option for MSIE. So there is something else. Maybe squid is not able to recognize what user agent is being used, or else that field is encrypted or something.
What am I missing?
 
Old 08-07-2009, 07:35 AM   #5
linuxlover.chaitanya
Now that. All the rules and ACLs that I create are applied to browsing that is happening through a web browser. But none of the rules are applied if using some other mode like the gtalk messaging client, Thunderbird or any other app.
Does this make any sense for you guys or am I shooting in the dark with eyes wide shut?
 
Old 08-10-2009, 05:16 AM   #6
linuxlover.chaitanya
I tried to capture the packets with Wireshark and analyze them. Google Talk uses a lot of strategies, it seems, to connect.
If I block port 5222 it will connect to port 80. If I block the TCP connections it will use HTTP connections.
If I block talkx.l.google.com or other domains for talk.google it will connect to google.com.
Now how do I block this gtalk? This is really becoming a pain in ***.
Also squid does not know about the user agent used. So this option is also invalid now.
Any ideas?????
 
  

