Hello everybody
At our school we are using squid 2.7 stable on a Debian Lenny machine.
Users are authenticated via an Active Directory. Users without
Authentication are denied Internet access.
Unfortunately we have some Windows Desktops, which are trying to pull
their updates, without using the Credentials of the users Domain-Logon.
These updates were consequently denied. Therefore we wanted to add
exceptions to always allow connections to the Microsoft update sites.
This is how I tried to implement this, by putting the following lines at
the top of our squid.conf:
acl windowsupdate dstdomain .microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate2 dst 89.202.157.135
acl windowsupdate2 dst 89.202.157.136
acl windowsupdate2 dst 89.202.157.137
acl windowsupdate2 dst 89.202.157.138
acl windowsupdate2 dst 89.202.157.139
acl windowsupdate dstdomain .eset.com
acl windowsupdate dstdomain microsoftwga.112.207.net
acl windowsupdate dstdomain .msft.net
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
acl localnet src 172.16.0.0/12
acl localhost src 127.0.0.1/32
http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_reply_access allow CONNECT wuCONNECT localnet
http_reply_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
http_reply_access allow windowsupdate localnet
http_reply_access allow windowsupdate localhost
Unfortunately its not working. It would be great, if anybody had some hints why this is
not working, or if anybody has a working configuration himself.
Any help is appreciated.
Thank you very much
Benedikt
Received on Wed May 05 2010 - 16:46:24 MDT
This archive was generated by hypermail 2.2.0 : Thu May 06 2010 - 12:00:08 MDT