Hi. Have you got any tips for filtering all type of radio streaming which spends more and more bandwitdh?? (for example, shoutcast/realserver radio) The problem is that many radio streaming servers are located on port 80, so I cannot differentiate between legal www traffic and shoutcast/other streaming server traffic (at the ip layer). So I cannot use iptables/ipchains. But I also have a squid server set as transparent proxy (so all port-80 traffic is forwarded through squid). Here we are at app layer, so the filtering I'm looking for should be possible. Any ideas about how to implement this filtering? Anyone who has made this kind of filtering? Is there any http header which differentiates www traffic and streaming traffic? Thanks in advance. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Hi Roman, You might want to create ACL's for the useragent and block it in the squid.conf acl aclname browser pattern example: acl realplayer browser RealPlayer http_access deny realplayer I've not tested this. You can view the useragents in /var/squid/logs/access.log. Perhaps you need to enable the log_mime_hdrs. An alternative is to use the delay_pools to "punish" users that take too much bandwidth. Good luck! Theo "RoMaN SoFt / LLFB!!" wrote:
Hi.
Have you got any tips for filtering all type of radio streaming which spends more and more bandwitdh?? (for example, shoutcast/realserver radio)
The problem is that many radio streaming servers are located on port 80, so I cannot differentiate between legal www traffic and shoutcast/other streaming server traffic (at the ip layer). So I cannot use iptables/ipchains.
But I also have a squid server set as transparent proxy (so all port-80 traffic is forwarded through squid). Here we are at app layer, so the filtering I'm looking for should be possible. Any ideas about how to implement this filtering? Anyone who has made this kind of filtering? Is there any http header which differentiates www traffic and streaming traffic?
Thanks in advance.
for instance, RealServer can stream audio on several ports, including port 552 for RTSP and port 7070 for PNM, so you can create the link to your RealServer using either the rtsp:// or pnm:// protocol spec ... although u would then have to re-do the /path/to/your/file.. but that's easy.... u can then block off port 80 or redirect it to where u want it... good luck.. AKNIT --- RoMaN SoFt / LLFB!! <roman@madrid.com> wrote: >
Hi.
Have you got any tips for filtering all type of radio streaming which spends more and more bandwitdh?? (for example, shoutcast/realserver radio)
The problem is that many radio streaming servers are located on port 80, so I cannot differentiate between legal www traffic and shoutcast/other streaming server traffic (at the ip layer). So I cannot use iptables/ipchains.
But I also have a squid server set as transparent proxy (so all port-80 traffic is forwarded through squid). Here we are at app layer, so the filtering I'm looking for should be possible. Any ideas about how to implement this filtering? Anyone who has made this kind of filtering? Is there any http header which differentiates www traffic and streaming traffic?
Thanks in advance.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ** RoMaN SoFt / LLFB ** roman@madrid.com http://pagina.de/romansoft ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
____________________________________________________________ Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie
participants (3)
-
Mark Tinka -
RoMaN SoFt / LLFB!! -
Theo Boersma