Warning: Any example presented here is provided "as-is" with no support or guarantee of suitability. If you have any further questions about these examples please email the squid-users mailing list.
Torrent filtering is a difficult problem which can't be solved easily. To make it harder for users, you can first deny downloads of .torrent files.
You can also enforce this with NBAR protocol discovery (DPI functionality) on your router (ISR G2 and above, Cisco 29xx series or similar). Squid alone can't completely block torrents.
Squid Configuration File
Paste this to your squid.conf file. Then reconfigure squid.
    # Block torrent files
    # rep_mime_type matches the reply Content-Type header; -i makes the regex case-insensitive
    acl TorrentFiles rep_mime_type -i application/x-bittorrent
    http_reply_access deny TorrentFiles
    deny_info TCP_RESET TorrentFiles

This prevents users from downloading .torrent files via browsers.
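To check that the rule is taking effect, the following added example (not part of the original page) scans Squid's native-format access.log for torrent replies that were not denied, and separately reports URLs ending in .torrent that arrived with a different Content-Type, which the MIME ACL does not match. The log lines are constructed samples, and the assumption that denied replies carry a result code beginning with TCP_DENIED should be confirmed against your own logs.

```python
from urllib.parse import urlsplit

TORRENT_MIME = "application/x-bittorrent"

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1700000000.101 52 192.0.2.10 TCP_DENIED_REPLY/403 0 GET http://tracker.example/a.torrent - HIER_DIRECT/198.51.100.5 application/x-bittorrent
1700000001.202 88 192.0.2.11 TCP_MISS/200 18342 GET http://files.example/b.torrent?id=7 - HIER_DIRECT/198.51.100.6 application/octet-stream
1700000002.303 40 192.0.2.12 TCP_MISS/200 5120 GET http://www.example/index.html - HIER_DIRECT/198.51.100.7 text/html
1700000003.404 61 192.0.2.13 TCP_MISS/200 20011 GET http://cdn.example/get?f=9 - HIER_DIRECT/198.51.100.8 Application/X-BitTorrent
"""

def parse_line(line):
    """Split one native-format line into the fields the audit needs."""
    fields = line.split()
    if len(fields) < 10:
        return None  # truncated or custom-format line: skip it
    return {
        "client": fields[2],
        "code": fields[3].split("/")[0],           # e.g. TCP_MISS
        "url": fields[6],
        "mime": fields[9].split(";")[0].lower(),   # drop parameters such as charset
    }

def torrent_reason(entry):
    """Return why the entry looks like a torrent download, or None."""
    if entry["mime"] == TORRENT_MIME:
        return "mime"            # the ACL should have matched this reply
    try:
        path = urlsplit(entry["url"]).path.lower()
    except ValueError:
        path = ""
    if path.endswith(".torrent"):
        return "extension-only"  # Content-Type differs, so the MIME ACL does not match
    return None

def audit(log_text):
    """List (client, url, reason) for torrent-like replies that were not denied."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reason = torrent_reason(entry)
        # Assumption: replies blocked by http_reply_access log a TCP_DENIED* code.
        if reason and not entry["code"].startswith("TCP_DENIED"):
            findings.append((entry["client"], entry["url"], reason))
    return findings
```

A "mime" finding means a reply the ACL should have matched was delivered, so the rule is missing or not loaded; an "extension-only" finding is traffic the MIME rule cannot see.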
Cisco router configuration
You can effectively enforce torrent blocking with a Cisco router like this:
    !
    !ip nbar protocol-pack flash0:pp-adv-isrg2-155-3.M1-23-15.0.0.pack
    ip nbar protocol-pack flash0:/pp-adv-isrg2-155-3.M2-23-22.0.0.pack
    !
    class-map match-any torrent
     match protocol bittorrent
     match protocol bittorrent-networking
     match protocol encrypted-bittorrent
     match protocol encrypted-emule
     match protocol webthunder
     match protocol edonkey
     match protocol edonkey-static
     match protocol gnutella
     match protocol goboogy
     match protocol fasttrack-static
     match protocol winmx
     match protocol winny
     match protocol ares
     match protocol Konspire2b
     match protocol filetopia
     match protocol manolito
     match protocol networking-gnutella
     match protocol perfect-dark
     match protocol poco
     match protocol ppstream
     match protocol share
     match protocol songsari
     match protocol sopcast
     match protocol soulseek
     match protocol tomatopang
     match protocol xunlei-kankan
     match protocol dht
     match protocol torrentz
    !
    policy-map Net_Limit
     class torrent
      drop
     class class-default
      bandwidth remaining percent 15
    !
    interface GigabitEthernet0/0
     ! This is the external router interface
     ip nbar protocol-discovery
     service-policy output Net_Limit
    !
Depending on which P2P protocols you specify, this configuration completely terminates all torrent sessions on the border router/firewall.
You need a current NBAR2 protocol pack to do this, which requires a subscription to Cisco's service and a router that supports DPI, such as an ISR-G2 router (2901 or similar). You can also use Squid to deny downloads of .torrent files via HTTP/HTTPS. Together, these two methods let you block torrents almost completely.
Also note that to filter encrypted P2P protocols, on most Cisco devices you need to activate the SECURITY technology pack or have a security-enabled IOS version.