[squid-users] squid + Office365 + Trend Micro

From: grmbl <nuytkens.stanny_at_gmail.com>
Date: Tue, 11 Feb 2014 02:08:14 -0800 (PST)

Hello,

I've successfully set up a Debian squid + squidguard proxy server using
Kerberos to a WIN2008 domain.
Everything works as expected, except that whatever I do I can't get this
exception to work for our Office365 environment and our Trend Micro AV
(cloud with agents).

You can check my /squid.conf/ in my signature.

/my_acl_definitions.conf/ has
*acl direct dstdomain /etc/squid3/conf.d/domains*

/my_access.conf/ has
*http_access allow auth all
http_access allow !auth direct
http_access deny all*

/domains/ has
*.live.com
.lync.com
.glbdns.microsoft.com
.microsoft.com
.microsoftonline.com
.microsoftonline-p.net
.microsoftonline-p.com
.microsoftonlineimages.com
.microsoftonlinesupport.net
.msn.com
.msn.co.jp
.msn.co.uk
.msecnd.net
.msocdn.com
.office.net
.office365.com
.officeapps.live.com
.outlook.com
.sharepoint.com
.sharepointonline.com
.activedirectory.windowsazure.com
.phonefactor.net
.aadrm.com
.trendmicro.com
.outlook.com*

/access.log/
*1392112172.984 0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.988 0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.990 0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.993 0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112173.244 0 10.10.10.58 TCP_DENIED/407 4150 GET
http://office.microsoft.com/client/15/templates/start? - NONE/- text/html
1392112526.808 0 10.10.10.58 TCP_DENIED/407 4148 GET
http://office.microsoft.com/client/15/templates/start? - NONE/- text/html
1392112526.841 0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.843 0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.846 0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.849 0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.852 0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.855 0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
*

This only occurs when a client with Office 2012 connects to Office365.
(login prompt)

*1392112407.358 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.362 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.366 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.370 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.373 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.915 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.917 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.921 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.925 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.930 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.933 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392113039.469 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html*

Trend Micro alerts (client agent can scan and update but status is shown
red...)

*1392020956.008 1 10.10.10.222 TCP_DENIED/407 3956 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.010 1 10.10.10.222 TCP_DENIED/407 3951 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.022 1 10.10.10.222 TCP_DENIED/407 3956 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.024 1 10.10.10.222 TCP_DENIED/407 3953 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.026 0 10.10.10.222 TCP_DENIED/407 3931 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020975.692 0 10.10.10.222 TCP_DENIED/407 4382 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392020975.693 0 10.10.10.222 TCP_DENIED/407 4529 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392020975.706 1 10.10.10.222 TCP_DENIED/407 4382 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392020975.708 0 10.10.10.222 TCP_DENIED/407 4527 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392021040.654 0 10.10.10.39 TCP_DENIED/407 3642 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021040.656 0 10.10.10.39 TCP_DENIED/407 3642 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021040.664 0 10.10.10.39 TCP_DENIED/407 3777 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021040.667 0 10.10.10.39 TCP_DENIED/407 3777 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021040.670 0 10.10.10.39 TCP_DENIED/407 3777 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021059.460 0 10.10.10.222 TCP_DENIED/407 3643 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021059.462 0 10.10.10.222 TCP_DENIED/407 3643 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021059.465 0 10.10.10.222 TCP_DENIED/407 3704 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021059.467 0 10.10.10.222 TCP_DENIED/407 3704 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html*

Thank you for your time!

Stanny

-----
squid.conf

Received on Tue Feb 11 2014 - 10:09:01 MST
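
An added diagnostic sketch, not part of the original post: it parses Squid native-format access.log lines like those quoted above and reports which TCP_DENIED/407 destinations are already covered by the dstdomain bypass list. The domain subset, the function names and the `unlisted.example.net` entry are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Subset of the poster's /etc/squid3/conf.d/domains file. A leading dot means
# the domain itself plus every subdomain, as in Squid's dstdomain ACL.
DIRECT_DOMAINS = [".live.com", ".microsoft.com", ".officeapps.live.com",
                  ".outlook.com", ".trendmicro.com"]

# Constructed sample: entries taken from the access.log excerpts above,
# unwrapped to one line each, plus one hypothetical host outside the list.
SAMPLE_LOG = """\
1392112172.984 0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112407.358 0 10.10.10.58 TCP_DENIED/407 3606 CONNECT odc.officeapps.live.com:443 - NONE/- text/html
1392020956.008 1 10.10.10.222 TCP_DENIED/407 3956 CONNECT wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392021040.664 0 10.10.10.39 TCP_DENIED/407 3777 GET http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021100.000 0 10.10.10.39 TCP_DENIED/407 3777 GET http://unlisted.example.net/ - NONE/- text/html
"""

# Native log fields: time elapsed client code/status bytes method URL ...
LINE_RE = re.compile(r"^\S+\s+\d+\s+\S+\s+(\w+)/(\d{3})\s+\d+\s+(\S+)\s+(\S+)")

def dest_host(method, target):
    """CONNECT targets are logged as host:port; other methods log a full URL."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def matches_dstdomain(host, entries):
    """'.example.com' matches example.com and any subdomain; a bare name matches exactly."""
    for entry in (e.lower() for e in entries):
        if host == entry.lstrip(".") or (entry.startswith(".") and host.endswith(entry)):
            return True
    return False

def summarize_407(log_text, entries):
    """Count TCP_DENIED/407 entries per destination host, split by bypass-list membership."""
    listed, unlisted = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or (m.group(1), m.group(2)) != ("TCP_DENIED", "407"):
            continue
        host = dest_host(m.group(3), m.group(4))
        (listed if matches_dstdomain(host, entries) else unlisted)[host] += 1
    return listed, unlisted

if __name__ == "__main__":
    listed, unlisted = summarize_407(SAMPLE_LOG, DIRECT_DOMAINS)
    print("denied although listed:", dict(listed))
    print("denied and not listed:", dict(unlisted))
```

Every denied host in the poster's excerpts falls under an entry in the domains file, so the list itself covers them.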
