[squid-users] Allow MSN Messenger through squid?

From: Tom Anderson <thomas@dont-contact.us>
Date: Thu, 25 Mar 2004 13:33:25 +1000

I have recently made some changes to the squid cache at the school that I'm
the sysadmin for, and it has come to my attention that MSN messenger no
longer works. MSN is only used by about half a dozen staff members, and
usually from the same pc's, all with fixed IP addresses.

The changes I made were as follows:
- Implementing DansGuardian to provide content filtering
- Implementing proxy password authentication for tighter 'who's doing what'
type logging
No firewall changes were made.

MSN used to 'just work' - it didnt need any proxy information set, and would
just connect out to the internet. I'm not sure what of the above has caused
this, but it may be DansGuardian. It listens on the port the proxy used to
(8080), and redirects requests through the cache, which listens only on port
3128 on the same machine as dansguardian - access to this cache via other
machines is therefore not possible. I have played around with some acl rules
trying to get squid to allow msn for only certain hosts, but I dont seem to
be having any luck. I suspect that it may be that MSN is getting caught in
DansGuardian somewhere and not being passed through to the proxy.

Here are the acl and http_access rules from my squid.conf. If you need
anything other than this, let me know and I will provide.

acl users proxy_auth REQUIRED
acl localhost src 127.0.0.1/255.55.255.255
acl all src 0.0.0.0/0.0.0.0
acl msn_hosts src 127.0.0.1 10.0.0.47 10.0.0.92 10.0.0.202 10.0.0.203
10.0.0.204
acl SSL_ports port 443 563
acl CONNECT method CONNECT

I put in 127.0.0.1 as the proxy sees all requests as coming from localhost.
The other IP's are now redundant, but this will then allow MSN to work for
everyone.

http_access allow msn_hosts all
http_access allow users
http_access deny all
http_access deny CONNECT !SSL_ports

There are no proxy settings set in MSN, which is what I would prefer to have
but isnt required. An excerpt from the squid access log for what happens when
I try to connect:

1080185050.589 5713 127.0.0.0 TCP_MISS/200 300 POST
http://gateway.messenger.hotmail.com/gateway/gateway.dll? -
DIRECT/207.46.104.20 application/x-msn-messenger

If you want any more info please let me know. I'm quite desparate to get this
working ASAP!

Thanks in advance,

Tom Anderson
Received on Wed Mar 24 2004 - 20:31:20 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:03 MST