RE: [squid-users] Squid 3.1.0.12 allowing MSN Messenger - 502

From: Daniel <Squid_at_ZoomEmail.com>
Date: Tue, 4 Aug 2009 08:35:44 -0400

Ok, I was able to get it working this morning. Perhaps someone can update the ConfigExample for Chat to include Windows Live Messenger?? Would someone please explain why what I did worked? To be honest I just decided to give it a shot and since I do not understand the ACL's yet I am confused.

All I did was add the following ACL:
acl msn1 req_mime_type application/x-msn-messenger

So I have two ACL's in regard to the mime type (and I question if I need the first one):
acl msn1 req_mime_type ^application/x-msn-messenger$
acl msn1 req_mime_type application/x-msn-messenger'

Any ideas of why this worked / what I was doing wrong??

-Daniel

-----Original Message-----
From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Sent: Monday, August 03, 2009 7:30 PM
To: Daniel
Cc: Squid-Users_at_Squid-Cache.org
Subject: Re: [squid-users] Squid 3.1.0.12 allowing MSN Messenger - 502

On Mon, 3 Aug 2009 17:09:31 -0400, "Daniel" <Squid_at_ZoomEmail.com> wrote:
> Ok, I have been banging my head against a few issues so I'll start with
> this
> one.
>
> I read on http://wiki.squid-cache.org/ConfigExamples/Chat where I can
make
> MSN Messenger work through Squid. I am trying to allow MSN Messenger
(Live)
> to work through Squid. I believe the issue is around this 502 error... I
> don't know, completely stumped.

MSN Messenger is not he same as MSN Messenger Live.

They are very different programs with very different access needs despite
sharing some of the network servers and being able to talk to each other.

You can help both yourself and others by tracking down exactly what the
program is trying to do. From my own brief brush with Live, I recall it
doing some form or HTTPS or SSL encrypted link directly with the servers
before it was allowed to have any web contact the proxy could relay.

The best bet is to try to isolate the computer running Live and see what
connections its making, how and to where.

Amos

>
> My Squid.conf is the following & the access.log error message:
>
> ================ BEGIN squid.conf BEGIN ================
> acl manager proto cache_object
> acl localhost src 127.0.0.1/32
> acl to_localhost dst 127.0.0.0/8
> acl TestPoolIPs src 10.211.213.135 10.211.212.40
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl sclthdq01w src 10.211.194.187/32 # custom acl for apache/cache
> manager
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
> http_access allow manager localhost
> http_access allow manager sclthdq01w
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> #http_access allow localnet
> http_access allow localhost
> http_access allow TestPoolIPs
>
> # MSN Messenger
> acl msn urlpath_regex -i /gateway/gateway.dll
> acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
> acl msn1 req_mime_type ^application/x-msn-messenger$
> http_access allow msnd
> http_access allow msn
> http_access allow msn1
>
> http_access deny all
> http_port 3128
> hierarchy_stoplist cgi-bin ?
> coredump_dir /usr/local/squid/var/cache
> cache_mem 512 MB
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> ================ END squid.conf END ================
>
> ================ BEGIN access.log snippet BEGIN ================
> 1249333460.877 167 10.211.212.40 TCP_MISS/502 4074 POST
> http://gateway.messenger.hotmail.com/gateway/gateway.dll? -
> DIRECT/65.54.239.21 text/html
> ================ END access.log snippet END ================
>
> I don't believe that this has anything to do with it now, but just as an
> FYI
> I tried to use another 'regex' command:
> acl msn url_regex -i gateway.dll
Received on Tue Aug 04 2009 - 12:36:09 MDT

This archive was generated by hypermail 2.2.0 : Tue Aug 04 2009 - 12:00:03 MDT