Re: [squid-users] dstdomain question

2008-03-10 Thread Bgs


The http_access should look like this:

http_access allow msnmessenger msnURL

The two separate lines mean that you allow all kinds of connections to 
the listed domains and you also allow all connections that have 
gateway.dll in the URL (non msnURL sites too).


For example you can browse msn.com without auth and you can also 
download http://haxx0r.net/gateway.dll/botnet-client-install.exe :D



Regards
Bgs


Monah Baki wrote:
I think I got it, I am able to connect once I added in my squid.conf the 
following


acl msnmessenger url_regex -i gateway.dll
acl msnURL dstdomain .passport.com
acl msnURL dstdomain .live.com
acl msnURL dstdomain .msn.com
http_access allow msnmessenger
http_access allow msnURL


This works on my Mac OS X, will test on Windows.


On Mar 9, 2008, at 10:30 AM, Monah Baki wrote:


Hi all,

I'm running squid with authentication, and my users are running IE. 
Of course, once they enable proxy in IE setting, MSN no longer works. I 
read by using the dstdomain before authentication in your squid.conf, 
users are able to use MSN messenger without manually adding the 
username and proxy in their MSN setting.


What's the syntax for this in squid.conf?


Thank you

BSD Networking, Microsoft Notworking







BSD Networking, Microsoft Notworking





Re: [squid-users] dstdomain question

2008-03-10 Thread Bgs

The main logic in a nutshell:

acl: elements are ORed (be it a single line, multiple lines or a file)

http_access: a single line's acl elements are ANDed and if matched, you 
get a final allow or deny depending on what your line says. If there is no 
match, the check goes to the next line.


In your case:

http_access allow msnmessenger
Does the URL contain the case-insensitive regex gateway.dll? If yes 
allow connection. This will let through your MSN connections _and_ 
everything that looks similar (see example in previous mail).


Anything that is not matched by the above goes on to the next rule:
http_access allow msnURL
Is the destination in the list of the given domains? If yes allow 
connection. (This includes www.msn.com site browsing for instance).


Both of your rules are enough to let msn through but in this separate 
way you have it like this:


- Probably all msn requests are allowed on the first rule and the second 
one does nothing.
- You open up a lot of possible requests unauthenticated and also 
bypassing possible filters you have after these.




Regards
Bgs

[EMAIL PROTECTED] wrote:

Thanks for the tip.

I thought having the 2 rules separately is equivalent to merging them in 1
line, now I know.

So how does squid now interpret http_access allow msnmessenger msnURL?

Thank you




The http_access should look like this:

http_access allow msnmessenger msnURL

The two separate lines mean that you allow all kinds of connections to
the listed domains and you also allow all connections that have
gateway.dll in the URL (non msnURL sites too).

For example you can browse msn.com without auth and you can also
download http://haxx0r.net/gateway.dll/botnet-client-install.exe :D


Regards
Bgs


Monah Baki wrote:

I think I got it, I am able to connect once I added in my squid.conf the
following

acl msnmessenger url_regex -i gateway.dll
acl msnURL dstdomain .passport.com
acl msnURL dstdomain .live.com
acl msnURL dstdomain .msn.com
http_access allow msnmessenger
http_access allow msnURL


This works on my Mac OS X, will test on Windows.


On Mar 9, 2008, at 10:30 AM, Monah Baki wrote:


Hi all,

I'm running squid with authentication, and my users are running IE.
Of course, once they enable proxy in IE setting, MSN no longer works. I
read by using the dstdomain before authentication in your squid.conf,
users are able to use MSN messenger without manually adding the
username and proxy in their MSN setting.

What's the syntax for this in squid.conf?


Thank you

BSD Networking, Microsoft Notworking






BSD Networking, Microsoft Notworking
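
The evaluation order described in the two replies above (values inside one acl are ORed, acl names on one http_access line are ANDed, the first matching line decides), modelled as an added Python example; it is not code from the thread or from Squid. Sample URLs marked as constructed are assumptions, and the string "next rule" stands for falling through to whatever authenticated rules follow.

```python
import re
from urllib.parse import urlsplit

# ACLs from the thread's squid.conf; values within one acl name are ORed.
ACLS = {
    "msnmessenger": ("url_regex", ["gateway.dll"]),  # -i; '.' is a regex wildcard
    "msnURL": ("dstdomain", [".passport.com", ".live.com", ".msn.com"]),
}

def acl_matches(name, url):
    kind, values = ACLS[name]
    if kind == "url_regex":
        return any(re.search(v, url, re.IGNORECASE) for v in values)
    host = (urlsplit(url).hostname or "").lower()
    # A leading dot matches the domain itself and every subdomain.
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
               for v in values)

def http_access(rules, url):
    """Return the action of the first line whose acls ALL match the request."""
    for action, names in rules:
        if all(acl_matches(n, url) for n in names):
            return action
    return "next rule"  # assumption: later lines require proxy authentication

# The two rule sets compared in the thread.
SEPARATE = [("allow", ["msnmessenger"]), ("allow", ["msnURL"])]
COMBINED = [("allow", ["msnmessenger", "msnURL"])]

SAMPLE_URLS = [
    "http://messenger.example.msn.com/gateway/gateway.dll?Action=poll",  # constructed
    "http://www.msn.com/",  # constructed
    "http://haxx0r.net/gateway.dll/botnet-client-install.exe",  # from the thread
]

def compare(urls=SAMPLE_URLS):
    """Map each URL to (decision with separate lines, decision with one line)."""
    return {u: (http_access(SEPARATE, u), http_access(COMBINED, u)) for u in urls}

if __name__ == "__main__":
    for url, (separate, combined) in compare().items():
        print(f"{separate:9} | {combined:9} | {url}")
```

With the separate lines all three requests are allowed without authentication; with the combined line only the request that is both a gateway.dll URL and inside the listed domains is.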








[squid-users] dstdomain question

2008-03-09 Thread Monah Baki

Hi all,

I'm running squid with authentication, and my users are running IE.  
Of course, once they enable proxy in IE setting, MSN no longer works.  
I read by using the dstdomain before authentication in your  
squid.conf, users are able to use MSN messenger without manually  
adding the username and proxy in their MSN setting.


What's the syntax for this in squid.conf?


Thank you

BSD Networking, Microsoft Notworking





Re: [squid-users] dstdomain question

2008-03-09 Thread Monah Baki

I think I got it, I am able to connect once I added in my squid.conf  
the following


acl msnmessenger url_regex -i gateway.dll
acl msnURL dstdomain .passport.com
acl msnURL dstdomain .live.com
acl msnURL dstdomain .msn.com
http_access allow msnmessenger
http_access allow msnURL


This works on my Mac OS X, will test on Windows.


On Mar 9, 2008, at 10:30 AM, Monah Baki wrote:


Hi all,

I'm running squid with authentication, and my users are running IE.  
Of course, once they enable proxy in IE setting, MSN no longer  
works. I read by using the dstdomain before authentication in your  
squid.conf, users are able to use MSN messenger without manually  
adding the username and proxy in their MSN setting.


What's the syntax for this in squid.conf?


Thank you

BSD Networking, Microsoft Notworking







BSD Networking, Microsoft Notworking