Solved Control skype traffic by squid

cesjr

Member

Reaction score: 3
Messages: 64

Hi guys , I have been writing a ACL rules for flitering skype traffic for a while .
Code:
#skype
acl numeric_IPs dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype
acl validUserAgent browser \S+
acl skypenet dstdomain .skype.com

#IP list that allow access to skype
acl user_to_im src "/usr/local/etc/squid/skyper"

#Allow access to skype
http_access allow CONNECT user_to_im numeric_IPS
http_access allow CONNECT user_to_im Skype_UA
http_access allow CONNECT user_to_im !validUserAgent
http_access allow CONNECT user_to_im skypenet
I think it should be forcing skype passed by port 443 and 80 ( I allow 80 and 443 in squid.conf) and it is working good for a long time.
But in the recent , the skype have release a new version , after that , some client can not access skype by squid proxy server ...:(
I assume skype have change the login method or login page that cause this problem.
Any suggestion will be grateful,thanks
 
OP
OP
cesjr

cesjr

Member

Reaction score: 3
Messages: 64

Hi , I using Wireshark to sniffer packet , and I noticed that a new domain ".skypeassets.com" exist !
So, I add it in "acl skypenet dstdomain" .And one more thing , update your windows IE 8 to IE 11 , otherwise it will not support "HTTP Proxy" setting !
 
OP
OP
cesjr

cesjr

Member

Reaction score: 3
Messages: 64

Hi guys
Skype has recently changed their domain name.
The following names are what I have observed.
Code:
auth.gfx.ms
i.s-microsoft.com
skype-m.hotmail.com
login.live.com
skypeassets.com 
microsoft.com
Hope this may be helpful
 
Top