[squid-users] Microsoft Updates

From: b1 <forum_at_b1online.de>
Date: Wed, 05 May 2010 18:46:18 +0200

Hello everybody

At our school we are using squid 2.7 stable on a Debian Lenny machine.
Users are authenticated via an Active Directory. Users without
Authentication are denied Internet access.

Unfortunately we have some Windows Desktops, which are trying to pull
their updates, without using the Credentials of the users Domain-Logon.
These updates were consequently denied. Therefore we wanted to add
exceptions to always allow connections to the Microsoft update sites.
This is how I tried to implement this, by putting the following lines at
the top of our squid.conf:

acl windowsupdate dstdomain .microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate2 dst
acl windowsupdate2 dst
acl windowsupdate2 dst
acl windowsupdate2 dst
acl windowsupdate2 dst
acl windowsupdate dstdomain .eset.com
acl windowsupdate dstdomain microsoftwga.112.207.net
acl windowsupdate dstdomain .msft.net

acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com

acl localnet src
acl localhost src

http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_reply_access allow CONNECT wuCONNECT localnet
http_reply_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
http_reply_access allow windowsupdate localnet
http_reply_access allow windowsupdate localhost

Unfortunately its not working. It would be great, if anybody had some hints why this is
not working, or if anybody has a working configuration himself.

Any help is appreciated.

Thank you very much

Received on Wed May 05 2010 - 16:46:24 MDT

This archive was generated by hypermail 2.2.0 : Thu May 06 2010 - 12:00:08 MDT