[squid-users] ACL problems for a newbie.

From: Tom Vivian <tom@dont-contact.us>
Date: Fri, 14 Sep 2007 08:42:10 +0100

SquidNT 2.5
ntlm auth
Windows Server 2003

Everything is nearly working. The authentication against AD is fine, I can
see the domain name\username in the logs etc. However I can't get Windows
update to work, nor can my TomTom Home software logon to the TomTom site.

Below is a copy of the logs entries for each case and my config:

acl WindowsUpdate dstdomain -i c:/squid/etc/msupdate.txt
no_cache deny WindowsUpdate
http_access allow WindowsUpdate

msupdate.txt contains:

windowsupdate.microsoft.com
update.microsoft.com
activex.microsoft.com
download.windowsupdate.com
www.download.windowsupdate.com
codecs.microsoft.com
stats.updates.microsoft.com
c.microsoft.com

Log entry:

1189755514.809 0 192.168.2.100 TCP_DENIED/407 1723 POST
http://sweet.tomtom.com/cens/sweet/sd/ - NONE/- text/html
1189755522.542 30 192.168.2.100 TCP_DENIED/407 1798 GET
http://www.update.microsoft.com/microsoftupdate/v6/splash.aspx? - NONE/-
text/html
1189755522.562 20 192.168.2.100 TCP_DENIED/407 1864 GET
http://www.update.microsoft.com/microsoftupdate/v6/splash.aspx? - NONE/-
text/html
1189755523.013 0 192.168.2.100 TCP_DENIED/407 1816 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/tgar.js? -
NONE/- text/html
1189755523.043 0 192.168.2.100 TCP_DENIED/407 1882 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/tgar.js? -
NONE/- text/html
1189755523.183 621 192.168.2.100 TCP_MISS/200 3493 GET
http://www.update.microsoft.com/microsoftupdate/v6/splash.aspx? home\tom
DIRECT/207.46.211.119 text/html
1189755523.484 431 192.168.2.100 TCP_MISS/200 2563 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/tgar.js?
home\tom DIRECT/207.46.211.119 application/x-javascript
1189755524.095 601 192.168.2.100 TCP_MISS/200 19663 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/content.js?
home\tom DIRECT/207.46.211.119 application/x-javascript
1189755524.435 110 192.168.2.100 TCP_MISS/200 324 HEAD
http://download.windowsupdate.com/v7/windowsupdate/redir/wuredir.cab?
home\tom DIRECT/209.84.12.126 application/octet-stream
1189755524.466 0 192.168.2.100 TCP_DENIED/407 344 HEAD
http://www.update.microsoft.com/v7/windowsupdate/selfupdate/wuident.cab? -
NONE/- text/html
1189755524.486 20 192.168.2.100 TCP_DENIED/407 410 HEAD
http://www.update.microsoft.com/v7/windowsupdate/selfupdate/wuident.cab? -
NONE/- text/html
1189755524.656 481 192.168.2.100 TCP_MISS/200 466 GET
http://c.microsoft.com/wupixel/wt_pixel.aspx? home\tom DIRECT/207.46.211.252
image/gif
1189755584.047 0 192.168.2.100 TCP_DENIED/407 1828 GET
http://www.update.microsoft.com/microsoftupdate/v6/errorinformation.aspx? -
NONE/- text/html
1189755584.047 0 192.168.2.100 TCP_DENIED/407 1894 GET
http://www.update.microsoft.com/microsoftupdate/v6/errorinformation.aspx? -
NONE/- text/html
1189755584.087 0 192.168.2.100 TCP_DENIED/407 1726 GET
http://c.microsoft.com/trans_pixel.asp? - NONE/- text/html
1189755584.107 20 192.168.2.100 TCP_DENIED/407 1792 GET
http://c.microsoft.com/trans_pixel.asp? - NONE/- text/html
1189755584.127 0 192.168.2.100 TCP_DENIED/407 1726 GET
http://c.microsoft.com/trans_pixel.asp? - NONE/- text/html
1189755584.137 0 192.168.2.100 TCP_DENIED/407 1792 GET
http://c.microsoft.com/trans_pixel.asp? - NONE/- text/html
1189755584.348 241 192.168.2.100 TCP_MISS/000 0 GET
http://c.microsoft.com/trans_pixel.asp? home\tom DIRECT/207.46.211.252 -
1189755584.358 0 192.168.2.100 TCP_DENIED/407 1816 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/tgar.js? -
NONE/- text/html
1189755584.378 20 192.168.2.100 TCP_DENIED/407 1882 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/tgar.js? -
NONE/- text/html
1189755584.578 441 192.168.2.100 TCP_MISS/200 466 GET
http://c.microsoft.com/trans_pixel.asp? home\tom DIRECT/207.46.211.252
image/gif
1189755584.628 250 192.168.2.100 TCP_MISS/200 2563 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/tgar.js?
home\tom DIRECT/207.46.211.119 application/x-javascript
1189755584.648 591 192.168.2.100 TCP_MISS/200 9440 GET
http://www.update.microsoft.com/microsoftupdate/v6/errorinformation.aspx?
home\tom DIRECT/207.46.211.119 text/html
1189755585.039 411 192.168.2.100 TCP_MISS/200 19663 GET
http://www.update.microsoft.com/microsoftupdate/v6/shared/js/content.js?
home\tom DIRECT/207.46.211.119 application/x-javascript
1189755586.031 932 192.168.2.100 TCP_MISS/200 466 GET
http://c.microsoft.com/wupixel/wt_pixel.aspx? home\tom DIRECT/207.46.211.252
image/gif
1189755586.441 1312 192.168.2.100 TCP_MISS/500 3310 GET
http://stats.update.microsoft.com/v5sitereporting/report.aspx? home\tom
DIRECT/207.46.211.250 text/html
1189755586.692 551 192.168.2.100 TCP_MISS/200 466 GET
http://c.microsoft.com/trans_pixel.asp? home\tom DIRECT/207.46.211.252
image/gif

Tom.

---------------------------------------------
 Atomix Solutions - making technology simple
---------------------------------------------
 Broadband / Networks / Email / Maintenance

 www: http://www.atomixsolutions.net
 tel: +44 (0)7980 560118
        +44 (0)1765 605646
 fax: +44 (0)1765 605646
 skype: tom_galphay
 msn: tomvivian17@msn.com
=============================================

IMPORTANT: The contents of this email, and any attachments, are CONFIDENTIAL
and intended only for the person(s) to whom they are addressed. If you have
received the email in error please notify the sender immediately and delete
it from your computer system. Do not copy or distribute it or disclose its
contents to any person. Unless otherwise stated, the views and opinions
expressed in this email are personal to the sender and do not represent the
official view of the company.
Received on Fri Sep 14 2007 - 01:47:36 MDT

This archive was generated by hypermail pre-2.1.9 : Mon Oct 01 2007 - 12:00:02 MDT