Solved

squid proxy server not allowing MSN Messenger login

Posted on 2011-09-26
10
588 Views
Last Modified: 2012-05-12
Hi Guys

I have setup a basic squid 3 proxy server and I am struggling to get users to login to there MSN messenger accounts.

I have tried the various ACL's available but still no luck.

Please let me know what information you need from me to get started.
0
Comment
Question by:mfg1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 3

Expert Comment

by:dbauermann
ID: 36691477
I didn't understand... Usually the administrador has diffilcuty to deny MSN Messenger...

Are you sure that you haven't rules in iptaples?

Can you post your ACL's?
0
 
LVL 78

Expert Comment

by:arnold
ID: 36697586
You might be filtering cookies.
How are the proxy settings in the workstations configured?  Does it secure only http traffic or does it secure all protocols?

0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36710385
Hi,

Make sure you have  open and allow TCP Port 1863 and have access to login.live.com
Have to verify on Squid ACL and IPtables/Firewall or Gateway Rules.

-regards
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Author Comment

by:mfg1
ID: 36711071
Hi Guys

Please see my squid config, I have even tried to setup a new squid system and it never worked either.

also I do have port 1863 open.
Also no IP tables very basic setup.

This config is a bit messy because its in testing.

------------------------------------------------------------------------------------
#
auth_param basic program /usr/sbin/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
acl ncsa_users proxy_auth REQUIRED

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.50.16.0/24
acl whitelist dstdomain "/etc/squid/WL/sites.whitelist.txt"
acl localnet src 172.16.0.0/12
acl localnet src 192.168.1.0/16

# MSN Messenger

acl msn url_regex -i gateway.dll
acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type ^application/x-msn-messenger$

acl SSL_ports port 443 563 1495 1494
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563 1495 1494
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
acl HTTPS proto HTTPS
acl CONNECT method CONNECT
acl SSL method CONNECT
acl SSLVPN port 8832


access_log /var/log/squid/access.log squid
http_access allow whitelist

http_access allow ncsa_users
http_access allow manager localhost
http_access allow all
http_access deny manager
http_access deny msnd
http_access deny msn
http_access deny msn1
http_access allow SSL
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

icp_access allow localnet
icp_access deny all

always_direct allow all

#Connecting squid to squidGuard (RYAN)
redirect_program /usr/sbin/squidGuard /etc/squidguard.conf

------------------------------------------------------------------------------------

Any help appreciated.

0
 
LVL 4

Author Comment

by:mfg1
ID: 36711082
by the way it does work fine with the proxy settings entered on client machine
the client settings I am using are the IP x.x.x.x and port 3128 and nsca authentication but have tried with no auth and still same issue.
0
 
LVL 4

Author Comment

by:mfg1
ID: 36711086
sorry mistake in last post it should have read.
by the way it does work fine without the proxy settings entered on client machine
0
 
LVL 5

Expert Comment

by:hvillanu
ID: 36711732
Hi,



Add
.login.live.com
on sites.whitelist.txt (watch the "dot" at the beginning of the domain address).

Add acl All_dst dst all (to allow all address access at whitelist)



Whe a Rule Marches, then Squid stop validating the rest, so then the client matches this:
http_access allow all
The rest of the rules aren't chechecked

Start your rules with:
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow whitelist
#Next is new#
http_access allow All_dst !all


Then apply deny Rules as you need.

0
 
LVL 4

Author Comment

by:mfg1
ID: 36712669
i will give this a try tomorrow thanks.
0
 
LVL 1

Expert Comment

by:aartha
ID: 36716201
modify the rules as allow

http_access allow msnd
http_access allow msn
http_access allow msn1
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 36716252
You have a requirement for ncsa_users I think this is what the issue is i.e. the user login is not handled by msn messenger.

0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question