hafzee-ibrahim
Using squid proxy block video streaming in local network
In an office such as a software house, Facebook often cannot be banned outright, because many web applications use Facebook login to register accounts and use the Facebook APIs to show Facebook updates on their platform. But sometimes they worry about the bandwidth their users waste watching videos on Facebook. This is a solution for those people (with it they can block about 95% of videos).
Scenario:
In this scenario, a Mikrotik router works as the DHCP server, DNS server and default gateway for the local network. The proxy is an Ubuntu 12.04 machine with 2 NICs installed (eth0, eth1). We'll assume eth0 is connected to the gateway and eth1 is connected to the switch.
Install squid3, ebtables and bridge-utils with the following command:
sudo apt-get install squid3 ebtables bridge-utils
Edit the /etc/network/interfaces file:
sudo nano /etc/network/interfaces
Delete all the settings for eth0 and eth1:
Edit the /etc/rc.local file:
sudo nano /etc/rc.local
How to block video streaming with Squid Lazy Geek -:) http://rbgeek.wordpress.com/2012/09/12/how-to-block-video-s...
1 of 8 5/2/2556 13:29
Add the following to rc.local before exit 0:
#!/bin/sh -e

############### Bridge Interface ###############
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
ifconfig br0 10.10.10.250 netmask 255.255.255.0 up
route add default gw 10.10.10.1 dev br0
################################################

############### Proxy Rule ###############
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
##########################################

exit 0
Note: eth0 and eth1 don't have IP addresses; instead br0 has the IP address 10.10.10.250/24 for remote management purposes.
To enable ip forwarding, edit /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf
Uncomment the following lines:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Reboot the system or restart networking service:
sudo /etc/init.d/networking restart
Note: If you are facing a problem then reboot the system once!
Make a backup of original squid.conf file:
sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original
Edit the squid.conf file:
sudo nano /etc/squid3/squid.conf
Delete everything and add these lines:
###### General Settings ######
http_port 3128 transparent
acl LAN src 10.10.10.0/24
acl localnet src 127.0.0.1/255.255.255.255

#### This client is allowed to access the restricted website ####
acl special_client arp "/etc/squid3/spclients"

###### Block Video Streaming ######
acl media rep_mime_type video/flv video/x-flv
acl media rep_mime_type -i ^video/
acl media rep_mime_type -i ^video\/
#acl media rep_mime_type ^application/x-shockwave-flash
acl media rep_mime_type ^application/vnd.ms.wms-hdr.asfv1
acl media rep_mime_type ^application/x-fcs
acl media rep_mime_type ^application/x-mms-framed
acl media rep_mime_type ^video/x-ms-asf
acl media rep_mime_type ^audio/mpeg
acl media rep_mime_type ^audio/x-scpls
acl media rep_mime_type ^video/x-flv
acl media rep_mime_type ^video/mpeg4
acl media rep_mime_type ms-hdr
acl media rep_mime_type x-fcs
acl mediapr urlpath_regex \.flv(\?.*)?$
acl mediapr urlpath_regex -i \.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$
acl mediapr urlpath_regex -i \.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$

###### Access Lists ######
http_access allow mediapr special_client
http_reply_access allow media special_client

http_access deny mediapr
http_reply_access deny media

http_access allow LAN
http_access allow localnet

###### Log File ######
access_log /var/log/squid3/access.log

###### No cache anything ######
no_cache deny all
Note: If you enable the commented-out line (shown in blue in the original post) by removing the # sign in front of it, Squid will block all Flash-enabled websites, even if they are not video streaming sites.
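An added example, not part of the original post: a small Python model of how Squid evaluates the access lists above (values under one ACL name are OR-ed, ACL names on one rule line are AND-ed, the first matching line wins, otherwise the opposite of the last line applies), so a pattern change can be tried against sample requests before restarting squid3. The MAC address, the sample inputs and the helper names `matches`, `first_match` and `decide` are constructed for illustration, and the 127.0.0.1 `localnet` line is folded into the `in_lan` flag.

```python
import re

# ACL values copied from the squid.conf above; the duplicate ^video\/ entry
# and the commented-out flash line are omitted.
MEDIA = [  # acl media rep_mime_type: matched against the reply Content-Type
    ("video/flv", 0), ("video/x-flv", 0), ("^video/", re.I),
    ("^application/vnd.ms.wms-hdr.asfv1", 0), ("^application/x-fcs", 0),
    ("^application/x-mms-framed", 0), ("^video/x-ms-asf", 0), ("^audio/mpeg", 0),
    ("^audio/x-scpls", 0), ("^video/x-flv", 0), ("^video/mpeg4", 0),
    ("ms-hdr", 0), ("x-fcs", 0),
]
MEDIAPR = [  # acl mediapr urlpath_regex: matched against the request URL path
    (r"\.flv(\?.*)?$", 0),
    (r"\.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$", re.I),
    (r"\.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$", re.I),
]
SPCLIENTS = {"00:11:22:33:44:55"}  # constructed stand-in for /etc/squid3/spclients

# Rule lines in file order: (action, ACL names that must all match).
HTTP_ACCESS = [("allow", ["mediapr", "special_client"]),
               ("deny", ["mediapr"]), ("allow", ["LAN"])]
HTTP_REPLY_ACCESS = [("allow", ["media", "special_client"]), ("deny", ["media"])]


def matches(patterns, value):
    """Several values under one ACL name are OR-ed."""
    return any(re.search(p, value, flags) for p, flags in patterns)


def first_match(rules, facts):
    """First line whose ACLs all match decides; else the opposite of the last line."""
    for action, names in rules:
        if all(facts[name] for name in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


def decide(mac, in_lan, urlpath, content_type):
    """Return where a request ends up: denied at request, denied at reply, or allowed."""
    facts = {"special_client": mac.lower() in SPCLIENTS, "LAN": in_lan,
             "mediapr": matches(MEDIAPR, urlpath),
             "media": matches(MEDIA, content_type)}
    if first_match(HTTP_ACCESS, facts) == "deny":
        return "denied at request"
    if first_match(HTTP_REPLY_ACCESS, facts) == "deny":
        return "denied at reply"
    return "allowed"
```

The two stages differ in what they can see: `mediapr` is checked before the request leaves the proxy, while `media` needs the server's Content-Type and is therefore only usable in `http_reply_access`.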
Restart the squid3 service:
sudo service squid3 restart
Check youtube.com from a client machine:
Squid will even block the HD videos:
Check the videos on facebook.com:
Check the squid3 log to verify that it is really blocking the video streaming:
sudo tail -f /var/log/squid3/access.log
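The verification step above, as an added Python example that is not part of the original post: it reads access.log lines in Squid's native layout, counts denials (any result code starting with TCP_DENIED) per client and host, and lists video/* replies that were still delivered, which should only be the exempted machine. The log lines, addresses and helper names are constructed.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL ident hierarchy content-type
SAMPLE_LOG = """\
1347441001.120    180 10.10.10.21 TCP_MISS/200 5120 GET http://www.example.com/index.html - DIRECT/192.0.2.10 text/html
1347441002.480      2 10.10.10.21 TCP_DENIED/403 3310 GET http://cdn.example.com/media/clip.mp4 - NONE/- text/html
1347441003.910    240 10.10.10.22 TCP_DENIED_REPLY/403 3350 GET http://video.example.net/videoplayback - DIRECT/192.0.2.20 text/html
1347441004.050    950 10.10.10.30 TCP_MISS/200 48211 GET http://cdn.example.com/media/clip.mp4 - DIRECT/192.0.2.11 video/mp4
1347441005.300    230 10.10.10.22 TCP_DENIED_REPLY/403 3350 GET http://video.example.net/videoplayback - DIRECT/192.0.2.20 text/html
truncated line
"""


def parse(line):
    """Split one native-format line; return None for lines that do not fit the layout."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3]:
        return None
    result, _, status = f[3].partition("/")
    return {"client": f[2], "result": result, "status": status,
            "host": urlsplit(f[6]).hostname or f[6], "mime": f[9]}


def summarise(lines):
    """Count denials per (client, host) and list video replies that still got through."""
    denied, passed = Counter(), []
    for line in lines:
        entry = parse(line)
        if entry is None:
            continue  # skip truncated or foreign-format lines
        if entry["result"].startswith("TCP_DENIED"):
            denied[(entry["client"], entry["host"])] += 1
        elif entry["mime"].lower().startswith("video/"):
            passed.append((entry["client"], entry["host"]))
    return denied, passed


if __name__ == "__main__":
    denied, passed = summarise(SAMPLE_LOG.splitlines())
    print(dict(denied), passed)
```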
Suppose we want to give one of our developers access to the video streaming sites for testing purposes. Create a file and add the MAC address of this developer's machine to it (in my case the file is named spclients and is located in /etc/squid3/). The reason for using the MAC address instead of the IP address is that Squid is working here as a transparent bridge on layer 2, and it is the MAC address, not the IP address, that works on layer 2.
Find the MAC address of the developer's machine by using this command:
ipconfig /all
Create the file that we discussed above:
sudo nano /etc/squid3/spclients
Add the mac address here:
Restart the squid3 service:
sudo service squid3 restart
Now check youtube.com from the developer's machine that we added as an exception:
Also check the facebook.com videos:
Yes, it's working. Hope this will help you!
Please Remember me in your prayers!
Enjoy
2 Responses to How to block video streaming with Squid
Bosstiger, September 13, 2012 at 11:46 am
Reblogged this on Gigable Tech Blog.

walyonaire, October 25, 2012 at 4:23 pm
Wow, thank you dear, this works great and saved me a lot of bandwidth pfiou! Thanks!