[squid-users] Re: Re: Windows Messenger through Squid

From: <gsandorx_at_aol.com>
Date: Fri, 5 Nov 2010 16:42:26 -0400 (EDT)

I've been even trying using Squid, which I manually compiled.
As you know, Squid has better support for HTTP/1.1 (I thought
it was something related with that, as Squid 2.6STABLE21 uses
HTTP/1.0). Now, with the sniffer I see HTTP/1.1 responses from Live
servers through Squid (when with Squid < 3.2 I was getting HTTP/1.0
responses). Furthermore, balance_on_multiple_ip is off by default in
3.2. Nothing changed.

I have to use this old software as I have _many_ users with this
software already installed, and upgrading would be a pain right now.

I don't think the problem is that Live servers are refusing to login
old releases. I was able to login in from the same clients using direct
connection and through an ISA server 2006 .... :(


On 05/11/10 02:19, gsandorx_at_aol.com wrote:
> Hi,
> I'm trying to setup a Squid server (Centos 5.5, Squid 2.6-STABLE21,
> x64) to help my users to connect to Windows Live (as well as to
> navigation). They _must_ use Windows Messenger (4.x, 5.x - the ones
> shipped by default with Windows XP).
> The Windows Messenger app login successfully (if you enter a wrong
> username/passw combination it refuses to connect) but cannot complete
> the sign in process, displaying (almost indefinitely "Singing in...").
> Looking in access.log, I only see:
> 1288735315.171 6858 TCP_MISS/200 8272 CONNECT
> login.live.com:443 - DIRECT/ -
> And then (many times, actually!):
> 1288735321.511 2048 TCP_MISS/200 1539 POST
> application/x-msn-messenger
> I tried using Windows Live Messenger (2009) and it worked perfectly. I
> even tried using an ISA Server 2006 with Windows Messenger (5.x) and
> worked as well. I don't have yet any special/tricky ACL, only
> "http_access allow all" to avoid confusions.
> Does anybody has a similar setup (squid + windows messenger) ? Any
> is appreciated.

 Do you have "balance_on_multiple_ip" set to off? It needs to be

The problems may be this:
  security keys validation sent via CONNECT ... DIRECT/
  login actually performed via POST to ... DIRECT/

An edcated guess is that the Live software uses HTTP/1.1 and persistent

Why do you have this strict MUST requirement on using very old versions?
  Part of the problem may also be that the Live servers refuse login
from old releases with known remote-access security vulnerabilities.


Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for
Received on Fri Nov 05 2010 - 20:42:40 MDT

This archive was generated by hypermail 2.2.0 : Sat Nov 06 2010 - 12:00:04 MDT