How to Block Video Streaming With Squid


Using a Squid proxy to block video streaming on a local network


    In an office such as a software house, Facebook cannot simply be banned, because many web applications use Facebook login to register accounts and use the Facebook API to show Facebook updates on their platform. But sometimes the office is worried about the bandwidth its users waste watching videos on Facebook. This is a solution for those people (with it, they can block about 95% of videos).

    Scenario:

    In this scenario, a Mikrotik router works as the DHCP server, DNS server, and default gateway for the local network. The proxy runs on Ubuntu 12.04 with 2 NICs installed (eth0, eth1). We'll assume eth0 is connected to the gateway and eth1 is connected to the switch.

    Install squid3, ebtables and bridge-utils with the following command:

    sudo apt-get install squid3 ebtables bridge-utils

    Edit the /etc/network/interfaces file:

    sudo nano /etc/network/interfaces

    Delete all the settings for eth0 and eth1:

    Edit the /etc/rc.local file:

    sudo nano /etc/rc.local

    How to block video streaming with Squid Lazy Geek -:) http://rbgeek.wordpress.com/2012/09/12/how-to-block-video-s...

    1 of 8 5/2/2556 13:29

    Add the following to rc.local before exit 0:

    #!/bin/sh -e

    ############### Bridge Interface ###############
    # Create the bridge br0 and attach both NICs to it
    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 eth1
    # The NICs carry no IP address; only the bridge gets one
    ifconfig eth0 0.0.0.0 promisc up
    ifconfig eth1 0.0.0.0 promisc up
    ifconfig br0 10.10.10.250 netmask 255.255.255.0 up
    route add default gw 10.10.10.1 dev br0
    ################################################

    ################# Proxy Rule ###################
    # Hand bridged TCP port 80 frames to the IP layer instead of bridging them
    ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
    # Redirect that HTTP traffic to Squid listening on port 3128
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
    iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
    ################################################

    exit 0

    Note: eth0 and eth1 do not have IP addresses; instead, br0 has the IP address 10.10.10.250/24 for remote management purposes.

    To enable ip forwarding, edit /etc/sysctl.conf file:

    sudo nano /etc/sysctl.conf

    Uncomment the following lines:

    net.ipv4.ip_forward=1
    net.ipv6.conf.all.forwarding=1

    Reboot the system or restart the networking service:

    sudo /etc/init.d/networking restart

    Note: If you run into a problem, reboot the system once!

    Make a backup of the original squid.conf file:

    sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original

    Edit the squid.conf file:

    sudo nano /etc/squid3/squid.conf

    Delete everything and add these lines:

    ######General Settings##############

    http_port 3128 transparent
    acl LAN src 10.10.10.0/24
    acl localnet src 127.0.0.1/255.255.255.255

    ####This client is allowed to access the restricted website####

    acl special_client arp "/etc/squid3/spclients"

    ######Block Video Streaming##############

    acl media rep_mime_type video/flv video/x-flv
    acl media rep_mime_type -i ^video/
    acl media rep_mime_type -i ^video\/
    #acl media rep_mime_type ^application/x-shockwave-flash
    acl media rep_mime_type ^application/vnd.ms.wms-hdr.asfv1
    acl media rep_mime_type ^application/x-fcs
    acl media rep_mime_type ^application/x-mms-framed
    acl media rep_mime_type ^video/x-ms-asf
    acl media rep_mime_type ^audio/mpeg
    acl media rep_mime_type ^audio/x-scpls
    acl media rep_mime_type ^video/x-flv
    acl media rep_mime_type ^video/mpeg4
    acl media rep_mime_type ms-hdr
    acl media rep_mime_type x-fcs
    acl mediapr urlpath_regex \.flv(\?.*)?$
    acl mediapr urlpath_regex -i \.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$
    acl mediapr urlpath_regex -i \.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$

    ##########Access Lists#########

    http_access allow mediapr special_client
    http_reply_access allow media special_client

    http_access deny mediapr
    http_reply_access deny media

    http_access allow LAN
    http_access allow localnet

    ########Log File##########

    access_log /var/log/squid3/access.log

    ###### No cache anything###

    no_cache deny all

    Note: If you enable the commented-out line (#acl media rep_mime_type ^application/x-shockwave-flash) by removing the # sign in front of it, Squid will block all Flash-enabled websites, even if they are not video streaming sites.
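
To see what the mediapr and media ACLs above match before deploying them, this added example (not part of the original post) runs the post's patterns through grep -E, assumed here to be a close stand-in for Squid's regex matching. The function names and sample paths and content types are constructed, and the special_client exemption is left out of the model.

```shell
#!/bin/sh
# Added example: test the post's Squid ACL patterns offline with grep -E.
# Assumption: grep -E (POSIX ERE) stands in for Squid's regex matching.

# acl mediapr urlpath_regex: the two -i lines merged (they also cover \.flv)
MEDIAPR='\.(avi|mp4|mov|m4v|mkv|flv|mpg|mpeg|wmv|rmvb)(\?.*)?$'

# acl media rep_mime_type: the case-insensitive pattern from the post
MEDIA_I='^video/'
# The case-sensitive patterns (the ^video/... entries are covered by MEDIA_I)
MEDIA_CS='^application/vnd.ms.wms-hdr.asfv1|^application/x-fcs|^application/x-mms-framed|^audio/mpeg|^audio/x-scpls|ms-hdr|x-fcs'

# matches_mediapr URLPATH -> exit 0 if "http_access deny mediapr" would apply
matches_mediapr() {
    printf '%s\n' "$1" | grep -Eiq "$MEDIAPR"
}

# matches_media CONTENT_TYPE -> exit 0 if "http_reply_access deny media" would apply
matches_media() {
    printf '%s\n' "$1" | grep -Eiq "$MEDIA_I" && return 0
    printf '%s\n' "$1" | grep -Eq "$MEDIA_CS"
}

# verdict URLPATH CONTENT_TYPE -> prints which rule, if any, blocks the transfer
verdict() {
    if matches_mediapr "$1"; then echo "denied-request"
    elif matches_media "$2"; then echo "denied-reply"
    else echo "allowed"
    fi
}

# Constructed samples: URL path, then the Content-Type the server would send.
verdict '/clips/demo.MP4?start=10' 'video/mp4'
verdict '/videoplayback?id=abc'    'video/x-flv'
verdict '/player.swf'              'application/x-shockwave-flash'
verdict '/docs/mp4-howto.html'     'text/html'
```

The third sample comes back allowed because the Flash line is still commented out in the configuration; the second shows why the reply-side ACL is needed when the URL carries no file extension.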

    Restart the squid3 service:

    sudo service squid3 restart

    Check youtube.com from a client machine:

    Squid will even block the HD videos:

    Check the videos on facebook.com:

    Check the squid3 log to verify that it is really blocking the video streaming:

    sudo tail -f /var/log/squid3/access.log
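
Watching tail -f works for a spot check; to summarise which clients are hitting the block, this added example (not from the original post) counts denied entries per client in Squid's default native log format. The sample log lines are constructed, and treating any result code that begins with TCP_DENIED as a block is an assumption about how this Squid build logs denials.

```shell
#!/bin/sh
# Added example: summarise denied requests in a Squid native-format access.log.
# Fields: time elapsed client result/status bytes method URL user peer type

# denied_by_client FILE -> "client count" lines, busiest client first
denied_by_client() {
    awk '$4 ~ /^TCP_DENIED/ { n[$3]++ }
         END { for (c in n) print c, n[c] }' "$1" | sort -k2,2nr -k1,1
}

# denied_urls FILE CLIENT -> URLs that were denied for one client
denied_urls() {
    awk -v c="$2" '$3 == c && $4 ~ /^TCP_DENIED/ { print $7 }' "$1"
}

# Constructed sample log (clients are in the post's 10.10.10.0/24 LAN).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
1347440001.101     12 10.10.10.21 TCP_DENIED/403 3620 GET http://video.example/clip.flv - NONE/- text/html
1347440002.230    340 10.10.10.21 TCP_MISS/200 15230 GET http://www.example/index.html - DIRECT/192.0.2.10 text/html
1347440003.412      9 10.10.10.34 TCP_DENIED/403 3655 GET http://cdn.example/movie.mp4?x=1 - NONE/- text/html
1347440004.007     11 10.10.10.21 TCP_DENIED/403 3618 GET http://video.example/next.flv - NONE/- text/html
EOF

denied_by_client "$SAMPLE"
denied_urls "$SAMPLE" 10.10.10.34
```

On the proxy itself, pass /var/log/squid3/access.log to the functions instead of the sample file.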

    Suppose we want to give one of our developers access to the video streaming sites for testing purposes. Create a file and add the MAC address of this developer's machine to it (in my case the file is named spclients and is located at /etc/squid3/). The reason for adding the MAC address instead of the IP address is that Squid is working here as a transparent bridge on layer 2, and a MAC address works on layer 2, not an IP address.

    Find the MAC address of the developer's machine by using this command:

    ipconfig /all

    Create the file that we discussed above:

    sudo nano /etc/squid3/spclients

    Add the mac address here:

    Restart the squid3 service:

    sudo service squid3 restart

    Now check youtube.com from the developer's machine that we added as an exception:

    Also check the facebook.com videos:

    Yes, it's working. Hope this will help you!

    Please Remember me in your prayers!

    Enjoy

    2 Responses to How to block video streaming with Squid

    Bosstiger, September 13, 2012 at 11:46 am
    Reblogged this on Gigable Tech Blog.

    walyonaire, October 25, 2012 at 4:23 pm
    Wow, thank you dear, this works great and saved me a lot of bandwidth pfiou! Thanks!
