Is there any way to filter or ban the applications through squid?
Not necessarily using port numbers or destination domains or destination IP addresses with port numbers.
Basically I need to restrict the messengers but here all are using Pidgin for the purpose rather than using yahoo messenger and gtalk.
can this particular application be restricted so that any service from this application is rejected.

Thanks in advance.

Hello everyone,
Hello Linux gurus
Anyone got any idea about this?
If you can update me if this is possible or do I need to go and find other way to block the applications?

i think the best way is to use regular expressions to match and then use an ACL to blok the application. doing a google search for "block live messenger using squid" will give you an idea about how to do it.

however as more and more applications are getting smarter at working through proxy you'll need a better IT policy in place as well. I think it is a good time to make one (if you don't have one already) and enforce it strictly.

We are not very strict about policies as such and want environment to be open to everyone. Just want to block the instant messengers. I already have lists for some other inappropriate content sites that are not allowed. Other than this there is no restriction on the usage but now I need to apply the restriction to pidgin so that people put more time on work than chatting with acquaintances.
This has not yet hampered our productivity yet but the management still thinks it is time to act fast before it really decreases it.
And as far as using regular expressions is concerned, I am doubtful if this will work as regular expressions are not matched with the name of the application that requests the squid.
They are usually matched with the URL names or the content in the incoming pages.

About ban an application from squid, i have tried for a long time without a good end XD, for msn block i use iptables, blocking just the port to logon (1863) and it works for me, block all 60 machines

The messengers are ok but the multiple protocol messengers like gaim and pidgin use different ports. I tried to find out the ports using netstat but could not locate a certain port.

Can anyone help me in finding the ports on which Pidgin could probably work?
I tried netstat command to find if there are some certain ports that would be occupied by Pidgin.
I first logged in with Pidgin and then fired netstat. Got the output of the command in a file.
Then I quit Pidgin and again got the output of netstat in other file. Then tried to find out the difference.
After that again logged in and analyzed the netstat.
There are some ports that I thought were used by pidgin and I hope they are. But the next time I logged in, some other ports were seen to be active.
Also, Pidgin allows multiple protocol log ins at a time. This also has its own problems.
I already have blocked yahoo and gmail but still I can log into yahoo messenger account and gtalk account using Pidgin.
If anyone can put some light into this issue where I might be going wrong or which is the corner that I am missing to look into?

i have suscesfully block the pidgin messeger, not just for msn, but also for yahoo and aim. All i do was to block the port that each service use to connect.
http://en.wikipedia.org/wiki/List_of...P_port_numbers

Take a look at that page. Hope it help you.

P.D.: I never try to put the pidgin in http method to connect, so if the user knows about that, the block from iptables will not work XD. Sorry.

Yeah that would definitely help. Thats a nice help.


I did not really understand what you are trying to explain. I would appreciate your help to understand it.

In linux pidgin, when you are goin to add a new account (msn, yahoo, aim...) you can chose to use the http method to connect, in other words, you can use port 80 (http) to connect. So, if the user you are trying to block knows about this, it will be another problem XD.
Insted of login through port 1863, it will log through port 80, now, if you block that port your clients won't be able to surf the web. And thast another investigation to go on

hope i helped.

OH yeah definitely helped a lot. I did not really know that user could select the port to use in Pidgin. Will try if that can be done. But thanks once again for your time and help.
Will come back though if there are other issues that come up.
Thanks once again.

With iptables I am able to restrict Pidgin. But I still want to know if in acl area I can define port and then deny the access to that port.


like:
acl unsafe_ports port 5222
acl unsafe_ports port 5050

#http_access area
http_access deny unsafe_ports

Is there any chance that I can use this method to deny Pidgin?

I have an idea that the squid will look on this ports for the incoming packets and this is not going to happen as all the packets are to come on port 80 at squid.
But still, is there any chance that I can use these methods to deny Pidgin.

Squid at this moment is running RHEL4.