Solved

squid proxy server not allowing MSN Messenger login

Posted on 2011-09-26
Last Modified: 2012-05-12
Hi Guys

I have set up a basic squid 3 proxy server and I am struggling to get users to log in to their MSN Messenger accounts.

I have tried the various ACLs available but still no luck.

Please let me know what information you need from me to get started.
0
Question by:mfg1
10 Comments
 
LVL 3

Expert Comment

by:dbauermann
ID: 36691477
I didn't understand... Usually the administrator has difficulty denying MSN Messenger...

Are you sure that you don't have rules in iptables?

Can you post your ACLs?
0
 
LVL 76

Expert Comment

by:arnold
ID: 36697586
You might be filtering cookies.
How are the proxy settings in the workstations configured?  Does it secure only http traffic or does it secure all protocols?

0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36710385
Hi,

Make sure you have opened and allowed TCP port 1863 and have access to login.live.com.
You have to verify this in the Squid ACLs and the iptables/firewall or gateway rules.

-regards
0
 
LVL 4

Author Comment

by:mfg1
ID: 36711071
Hi Guys

Please see my squid config. I have even tried to set up a new squid system and it never worked either.

Also, I do have port 1863 open.
Also no iptables, very basic setup.

This config is a bit messy because it's in testing.

------------------------------------------------------------------------------------
#
auth_param basic program /usr/sbin/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.50.16.0/24
acl whitelist dstdomain "/etc/squid/WL/sites.whitelist.txt"
acl localnet src 172.16.0.0/12
acl localnet src 192.168.1.0/16

# MSN Messenger

acl msn url_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type ^application/x-msn-messenger$

acl SSL_ports port 443 563 1495 1494
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563 1495 1494
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
acl HTTPS proto HTTPS
acl CONNECT method CONNECT
acl SSL method CONNECT
acl SSLVPN port 8832


access_log /var/log/squid/access.log squid
http_access allow whitelist

http_access allow ncsa_users
http_access allow manager localhost
http_access allow all
http_access deny manager
http_access deny msnd
http_access deny msn
http_access deny msn1
http_access allow SSL
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

icp_access allow localnet
icp_access deny all

always_direct allow all

#Connecting squid to squidGuard (RYAN)
redirect_program /usr/sbin/squidGuard /etc/squidguard.conf

------------------------------------------------------------------------------------

Any help appreciated.

0
 
LVL 4

Author Comment

by:mfg1
ID: 36711082
By the way, it does work fine with the proxy settings entered on the client machine.
The client settings I am using are the IP x.x.x.x and port 3128 and ncsa authentication, but I have tried with no auth and still have the same issue.
0

 
LVL 4

Author Comment

by:mfg1
ID: 36711086
Sorry, mistake in my last post. It should have read:
By the way, it does work fine without the proxy settings entered on the client machine.
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36711732
Hi,



Add
.login.live.com
to sites.whitelist.txt (watch the "dot" at the beginning of the domain address).

Add acl All_dst dst all (to allow all address access at whitelist)

When a rule matches, Squid stops validating the rest, so the client matches this:
http_access allow all
The rest of the rules aren't checked.

Start your rules with:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow whitelist
#Next is new#
http_access allow All_dst !all


Then apply deny Rules as you need.

0
 
LVL 4

Author Comment

by:mfg1
ID: 36712669
I will give this a try tomorrow, thanks.
0
 
LVL 1

Expert Comment

by:aartha
ID: 36716201
Modify the rules to allow:

http_access allow msnd
http_access allow msn
http_access allow msn1
0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
ID: 36716252
You have a requirement for ncsa_users. I think this is what the issue is, i.e. the user login is not handled by MSN Messenger.

0
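The two points raised in this thread (first match wins in http_access, and the ncsa_users requirement sits above everything but the whitelist) can be checked mechanically. The following is an added example, not part of the original posts or of Squid itself: the function name audit_http_access is hypothetical, SAMPLE is constructed from the http_access order in the posted config, and only a rule whose sole ACL is `all` is treated as unconditional.

```python
# Added example: lint the order of http_access rules in a squid.conf.
# SAMPLE is constructed from the http_access order of the config posted above.
SAMPLE = """\
acl ncsa_users proxy_auth REQUIRED
acl all src all
http_access allow whitelist
http_access allow ncsa_users
http_access allow manager localhost
http_access allow all
http_access deny manager
http_access deny msnd
http_access deny msn
http_access deny msn1
http_access allow SSL
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all
"""

def audit_http_access(conf):
    """Return [(line_no, kind, detail)] where kind is 'auth' or 'unreachable'."""
    acl_type = {}   # ACL name -> ACL type (src, dstdomain, proxy_auth, ...)
    rules = []      # (line_no, action, [ACL names, possibly '!'-negated])
    for no, line in enumerate(conf.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl" and len(parts) >= 3:
            acl_type.setdefault(parts[1], parts[2])
        elif parts[0] == "http_access" and len(parts) >= 3:
            rules.append((no, parts[1], parts[2:]))
    findings, catch_all = [], None
    for no, action, acls in rules:
        if catch_all is not None:
            # First match wins: nothing after an unconditional rule is evaluated.
            detail = f"{action} {' '.join(acls)} is shadowed by line {catch_all}"
            findings.append((no, "unreachable", detail))
            continue
        for name in acls:
            if acl_type.get(name.lstrip("!")) == "proxy_auth":
                findings.append((no, "auth", f"{name} needs proxy credentials from the client"))
        if acls == ["all"]:
            catch_all = no
    return findings

if __name__ == "__main__":
    for no, kind, detail in audit_http_access(SAMPLE):
        print(f"line {no}: {kind}: {detail}")
```

On the sample, the three MSN deny rules are reported as unreachable, so they cannot be what blocks the login, while the proxy_auth rule on line 4 is evaluated for every request that is not whitelisted.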
