[squid-users] squid + Office365 + Trend Micro

2014-02-11 Thread grmbl
Hello,

I've successfully set up a Debian squid + squidguard proxy server using
Kerberos to WIN2008 domain.
Everything works as expected, except whatever I do I can't get this
exception to work for our
office365 environment and our Trend Micro AV (cloud with agents).

You can check my /squid.conf/ in my signature.

/my_acl_definitions.conf/ has
*acl direct dstdomain /etc/squid3/conf.d/domains*

/my_access.conf/ has
*http_access allow auth all
http_access allow !auth direct
http_access deny all*

/domains/ has
*.live.com
.lync.com
.glbdns.microsoft.com 
.microsoft.com
.microsoftonline.com
.microsoftonline-p.net
.microsoftonline-p.com
.microsoftonlineimages.com
.microsoftonlinesupport.net
.msn.com
.msn.co.jp
.msn.co.uk
.msecnd.net
.msocdn.com
.office.net
.office365.com
.officeapps.live.com
.outlook.com
.sharepoint.com
.sharepointonline.com
.activedirectory.windowsazure.com
.phonefactor.net
.aadrm.com
.trendmicro.com
.outlook.com*

/access.log/
*1392112172.984  0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.988  0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.990  0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.993  0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112173.244  0 10.10.10.58 TCP_DENIED/407 4150 GET
http://office.microsoft.com/client/15/templates/start? - NONE/- text/html
1392112526.808  0 10.10.10.58 TCP_DENIED/407 4148 GET
http://office.microsoft.com/client/15/templates/start? - NONE/- text/html
1392112526.841  0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.843  0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.846  0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.849  0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.852  0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.855  0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
*

This only occurs when a client with Office 2012 connects to Office365.
(login prompt)

*1392112407.358  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.362  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.366  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.370  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.373  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.915  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.917  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.921  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.925  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.930  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.933  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392113039.469  0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html*

Trend Micro alerts (client agent can scan and update but status is shown
red...)

*1392020956.008  1 10.10.10.222 TCP_DENIED/407 3956 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.010  1 10.10.10.222 TCP_DENIED/407 3951 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.022  1 10.10.10.222 TCP_DENIED/407 3956 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.024  1 10.10.10.222 TCP_DENIED/407 3953 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.026  0 10.10.10.222 TCP_DENIED/407 3931 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020975.692  0 10.10.10.222 TCP_DENIED/407 4382 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392020975.693  0 10.10.10.222 TCP_DENIED/407 4529 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS

Re: [squid-users] squid + Office365 + Trend Micro

2014-02-11 Thread Michele Bergonzoni

*acl direct dstdomain /etc/squid3/conf.d/domains*

*http_access allow auth all
http_access allow !auth direct
http_access deny all*


Using the auth ACL, even with a negation, makes squid ask for 
authentication. What you probably wanted is:


http_access allow direct
http_access allow auth all
http_access deny all

Hope this helps,
Bergonz


--
Ing. Michele Bergonzoni - Laboratori Guglielmo Marconi S.p.a.
Phone:+39-051-6781926 e-mail: berg...@labs.it
alt.advanced.networks.design.configure.operate
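
An added illustration of why the rule order in this thread matters. It is not from either poster and is a simplified model, not Squid's own code: `http_access` rules are checked top to bottom, the ACLs on a line left to right, and testing a proxy_auth ACL on a request without credentials ends the check with a 407 challenge. The function names, rule tuples and the user name `alice` are assumptions; the request targets are taken from the access.log excerpts above.

```python
from urllib.parse import urlsplit

# Subset of the poster's /etc/squid3/conf.d/domains file.
DIRECT = [".microsoft.com", ".live.com", ".trendmicro.com"]
# The two http_access orderings from the thread, as (action, [acl, ...]).
ORIGINAL = [("allow", ["auth", "all"]), ("allow", ["!auth", "direct"]),
            ("deny", ["all"])]
REORDERED = [("allow", ["direct"]), ("allow", ["auth", "all"]),
             ("deny", ["all"])]
# Request lines seen in the access.log excerpts (method, target).
REQUESTS = [("OPTIONS", "http://office.microsoft.com/client/15/templates/"),
            ("CONNECT", "odc.officeapps.live.com:443"),
            ("CONNECT", "wfbssvc51.icrc.trendmicro.com:443")]

def dst_host(method, target):
    """CONNECT targets are host:port, other methods carry a full URL."""
    if method == "CONNECT":
        return target.rsplit(":", 1)[0].lower()
    return (urlsplit(target).hostname or "").lower()

def in_dstdomain(host, entries):
    """dstdomain: '.example.com' matches the domain and its subdomains."""
    for e in entries:
        if e.startswith("."):
            if host == e[1:] or host.endswith(e):
                return True
        elif host == e:
            return True
    return False

def evaluate(rules, method, target, user=None):
    """Return 'allow', 'deny' or '407' for one request (simplified model)."""
    host = dst_host(method, target)
    for action, acls in rules:
        matched = True
        for name in acls:
            negate, acl = name.startswith("!"), name.lstrip("!")
            if acl == "auth" and user is None:
                return "407"  # auth ACL tested without credentials: challenge
            result = in_dstdomain(host, DIRECT) if acl == "direct" else True
            if result == negate:  # this ACL failed, so the line does not match
                matched = False
                break
        if matched:
            return action
    return "deny"

def replay(rules, user=None):
    """Verdict for each logged request under the given rule order."""
    return [evaluate(rules, m, t, user) for m, t in REQUESTS]
```

With the reordered rules, requests to the listed domains are forwarded before any credentials are checked, so those access.log entries carry no user name.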