next »

[cylent]

this may sound too easy for some but its not something i can figure out.

lets say i want to block

windowsupdate.com
or download.windowsupdate.com
or phobos.apple.com

the problem is these sites dont have one ip address. most have 10 or even more and theres no way to figure them all out to drop traffic from one or two ips.

i found a method to use the dns forwarder and add a 127.0.0.1 to a domain however...
what do you do when you have a1410.phobos.apple.com and then it changes to a736.phobos.apple.com

obviously here i dont want to block all apple.com.... just these update sites.

please advise.

[dhatz]

Probably the easiest way would be to create bogus wildcard DNS records.

[cylent]

that sounds great but i wouldnt know how to do that.

for example my top taffic sites according to lightsquid are:

ardownload.adobe.com    
a1410.phobos.apple.com    
au.download.windowsupdate.com
swcdn.apple.com    
a474.phobos.apple.com
wl.dlservice.microsoft.com

as you can see from above phobos.apple.com has two links above. and more and more.


my users are literally ignorant. they dont know even basic computer knowledge. and because i set speed limits for their internet access they will complain their connection is slow. little do they know that their computer is running an update in the background sucking the speed thats allowed to them.

[M.I.Bovrd]

Services -> Proxy Server -> Access Control tab -> Blacklist Box


(^|\.)windowsupdate\.com$
(^|\.)download\.windowsupdate\.com$
(^|\.)phobos\.apple\.com$

[cylent]

Thank you.

can you please tell me how to enter in these characters so i can make my own syntax?

also

is there a file squid uses to show the blocked sites in a log?

[M.I.Bovrd]

Sorry, not sure what you mean? Type them, as you see them in the Blacklist Box.

Select - Services -> Proxy Server -> Access Control tab -> Blacklist Box

here is another couple you might want to try from your list.

(^|\.)dlservice\.microsoft\.com$
(^|\.)swcdn\.apple\.com$
(^|\.)ardownload\.adobe\.com$

The characters are regular expressions: the backslash is a delimiter for the '.' because it is a reserved character.
the '^' matches anything in front of the line with a '.'
The '$' matches anything after.
in syslog?

[cylent]

ya what i mean is how do you know the characters.

[M.I.Bovrd]

As I said they are 'regular expressions' used in unix and other OS's. Many OS's use a subset of the main expressions. A Google search for them will reveal many examples.