
In an office such as a software house, Facebook cannot simply be banned, because many web applications use Facebook login to register accounts and use Facebook APIs to show Facebook updates on their platforms. But sometimes they worry about the bandwidth their users waste watching videos on Facebook. This is a solution for those people (with it they can block about 95% of videos).
Scenario:
In this scenario, the MikroTik works as DHCP server, DNS server and default gateway for the local network. The Squid machine runs Ubuntu 12.04 with 2 NICs installed (eth0, eth1). We'll assume eth0 is connected to the gateway and eth1 is connected to the switch.
Install the squid3, ebtables and bridge-utils with the following command:
sudo apt-get install squid3 ebtables bridge-utils
Edit the /etc/network/interfaces file:
sudo nano /etc/network/interfaces
Delete all the settings for eth0 and eth1:
Edit the /etc/rc.local file:
sudo nano /etc/rc.local
How to block video streaming with Squid Lazy Geek -:) http://rbgeek.wordpress.com/2012/09/12/how-to-block-video-s...
1 of 8 5/2/2556 13:29
Add the following to rc.local before exit 0:
#!/bin/sh -e
###############Bridge Interface###################
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 eth1
ifconfig eth0 0.0.0.0 promisc up
ifconfig eth1 0.0.0.0 promisc up
ifconfig br0 10.10.10.250 netmask 255.255.255.0 up
route add default gw 10.10.10.1 dev br0
##################################################
##########################################Proxy Rule#######################################
ebtables -t broute -A BROUTING -p IPv4 --ip-protocol 6 --ip-destination-port 80 -j redirect --redirect-target ACCEPT
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 80 -j REDIRECT --to-port 3128
###########################################################################################
exit 0
Note: eth0 and eth1 don't have IP addresses; instead, br0 has the IP address 10.10.10.250/24 for remote management purposes.
To enable IP forwarding, edit the /etc/sysctl.conf file:
sudo nano /etc/sysctl.conf
Uncomment the following lines:
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
Reboot the system or restart the networking service:
sudo /etc/init.d/networking restart
Note: If you run into a problem, reboot the system once!
Make a backup of the original squid.conf file:
sudo cp /etc/squid3/squid.conf /etc/squid3/squid.conf.original
Edit the squid.conf file:
sudo nano /etc/squid3/squid.conf
Delete everything and add these lines:
######General Settings##############
http_port 3128 transparent
acl LAN src 10.10.10.0/24
acl localnet src 127.0.0.1/255.255.255.255
####This client is allowed to access the restricted website####
acl special_client arp "/etc/squid3/spclients"
######Block Video Streaming##############
acl media rep_mime_type video/flv video/x-flv
acl media rep_mime_type -i ^video/
acl media rep_mime_type -i ^video\/
#acl media rep_mime_type ^application/x-shockwave-flash
acl media rep_mime_type ^application/vnd.ms.wms-hdr.asfv1
acl media rep_mime_type ^application/x-fcs
acl media rep_mime_type ^application/x-mms-framed
acl media rep_mime_type ^video/x-ms-asf
acl media rep_mime_type ^audio/mpeg
acl media rep_mime_type ^audio/x-scpls
acl media rep_mime_type ^video/x-flv
acl media rep_mime_type ^video/mpeg4
acl media rep_mime_type ms-hdr
acl media rep_mime_type x-fcs
acl mediapr urlpath_regex \.flv(\?.*)?$
acl mediapr urlpath_regex -i \.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$
acl mediapr urlpath_regex -i \.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$
##########Access Lists#########
http_access allow mediapr special_client
http_reply_access allow media special_client
http_access deny mediapr
http_reply_access deny media
http_access allow LAN
http_access allow localnet
########Log File##########
access_log /var/log/squid3/access.log
###### No cache anything###
no_cache deny all
Note: If you enable the commented-out line (the application/x-shockwave-flash rule) by removing the # sign in front of it, Squid will block all Flash-enabled websites, even if they are not video streaming sites.
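To see which traffic the rules above catch and which they miss, here is an added example (not part of the original post) that replays the page's rep_mime_type and urlpath_regex patterns in Python against constructed sample requests. It assumes the client is inside the LAN acl and that Squid's unanchored regex search behaves like Python's re.search for these patterns; the sample paths and the decide() helper are hypothetical.

```python
import re

# Patterns copied from the squid.conf on this page: (regex, case_insensitive).
MEDIA_MIME = [
    (r"video/flv", False), (r"video/x-flv", False), (r"^video/", True),
    (r"^application/vnd.ms.wms-hdr.asfv1", False), (r"^application/x-fcs", False),
    (r"^application/x-mms-framed", False), (r"^video/x-ms-asf", False),
    (r"^audio/mpeg", False), (r"^audio/x-scpls", False), (r"^video/mpeg4", False),
    (r"ms-hdr", False), (r"x-fcs", False),
]
MEDIA_PATH = [
    (r"\.flv(\?.*)?$", False),
    (r"\.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$", True),
    (r"\.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$", True),
]

def _hit(patterns, value):
    # Regex ACLs are unanchored searches; any one matching pattern is a hit.
    return any(re.search(p, value, re.I if ci else 0) for p, ci in patterns)

def decide(path, reply_mime, special_client=False):
    """Return 'deny-request', 'deny-reply' or 'allow', in the page's rule order."""
    if _hit(MEDIA_PATH, path) and not special_client:
        return "deny-request"   # http_access deny mediapr
    if _hit(MEDIA_MIME, reply_mime) and not special_client:
        return "deny-reply"     # http_reply_access deny media
    return "allow"              # http_access allow LAN

# Constructed sample traffic: (URL path with query string, reply Content-Type).
SAMPLES = [
    ("/clips/intro.MP4?start=10", "video/mp4"),          # extension match
    ("/watch?v=abc", "video/webm"),                      # only the MIME type matches
    ("/videoplayback?id=1", "application/octet-stream"), # generic type slips through
    ("/player.swf", "application/x-shockwave-flash"),    # Flash rule is commented out
    ("/feed.json", "application/json"),
]

if __name__ == "__main__":
    for path, mime in SAMPLES:
        print(f"{decide(path, mime):13} {path}  [{mime}]")
```

Video served with a generic Content-Type and no recognisable file extension passes both checks, and because the bridge rules redirect only TCP port 80, HTTPS traffic never reaches these ACLs at all.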
Restart the squid3 service:
sudo service squid3 restart
Check youtube.com from the client machine:
Squid will even block the HD videos:
Check the videos on facebook.com:
Check the squid3 log to verify that it is really blocking the video streaming:
sudo tail -f /var/log/squid3/access.log
Suppose we want to give one of our developers access to the video streaming sites for testing purposes. Create a file and add the MAC address of this developer's machine to it (in my case this file is named spclients and is located in /etc/squid3/). The reason for adding the MAC address instead of the IP address is that Squid is working here as a transparent bridge on layer 2, and the MAC address works on layer 2, not the IP address.
Find the MAC address of the developer's machine by using this command:
ipconfig /all
Create the file that we discussed above:
sudo nano /etc/squid3/spclients
Add the MAC address here:
Restart the squid3 service:
sudo service squid3 restart
Now check youtube.com from the developer's machine that we added as an exception:
Also check the facebook.com videos:
Yes, it's working. Hope this will help you!
Please Remember me in your prayers!
Enjoy
2 Responses to How to block video streaming with Squid
Bosstiger September 13, 2012 at 11:46 am
Reblogged this on Gigable Tech Blog.
walyonaire October 25, 2012 at 4:23 pm
Wow, thank you dear, this works great and saved me a lot of bandwidth pfiou! Thanks!