Re: [squid-users] Allow MSN messenger from Chad Naugle on 2011-02-08 (squid-users)

From: Chad Naugle <Chad.Naugle_at_travimp.com>
Date: Tue, 08 Feb 2011 13:35:16 -0500

Which all looks ok, but is there an "http_access" that allows anything
other than the "CONNECT" method, such as:

http_access allow MSN_hosts
http_access allow MSN_domains
http_access allow MSN_net

Not to mention any other sites / hosts / ports (Such as port 80) before
the "http_access deny all", because whenever stacking ACL's there is an
implied "AND" operator, so each line only works like this:

"Method is CONNECT" AND "Ports" AND "Destination is <list>"

Otherwise DENY ALL is the likely culprit.

>>> David Touzeau <david_at_touzeau.eu> 2/8/2011 1:22 PM >>>

Dear i Use squid 3.1.10 and i would like to allow MSN messenger pass
trough squid

According wikis i did this :

# Permit MSN
acl MSN_ports port 1863 443 1503
acl MSN_domains
dstdomain .microsoft.com .hotmail.com .live.com .msft.net .msn.com
.passport.com
acl MSN_hosts dstdomain messenger.hotmail.com
acl MSN_nets dst 207.46.111.0/255.255.255.0
acl MSN_methods method CONNECT

http_access allow MSN_methods MSN_ports MSN_hosts
http_access allow MSN_methods MSN_ports MSN_domains
http_access allow MSN_methods MSN_ports MSN_net

But MSN still did want to connect with these errors:

192.168.82.173 - - [08/Feb/2011:10:48:38 -04-30] "POST
http://www.sqm.microsoft.com/sqm/messenger/sqmserver.dll HTTP/1.1" 403
1662 TCP_MISS:DIRECT
192.168.82.173 - - [08/Feb/2011:10:48:39 -04-30] "POST
http://www.sqm.microsoft.com/sqm/messenger/sqmserver.dll HTTP/1.1" 403
1662 TCP_MISS:DIRECT
192.168.82.173 - - [08/Feb/2011:10:48:39 -04-30] "POST
http://www.sqm.microsoft.com/sqm/messenger/sqmserver.dll HTTP/1.1" 403
1662 TCP_MISS:DIRECT

Where i'm wrong ??

Best regards

Travel Impressions made the following annotations
-------------------------------------------------------------
"This message and any attachments are solely for the intended recipient
and may contain confidential or privileged information. If you are not
the intended recipient, any disclosure, copying, use, or distribution of
the information included in this message and any attachments is
prohibited. If you have received this communication in error, please
notify us by reply e-mail and immediately and permanently delete this
message and any attachments.
Thank you."
Received on Tue Feb 08 2011 - 18:35:36 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 09 2011 - 12:00:02 MST