Welcome, Guest. Please login or register.
Did you miss your activation email?
Sunday 15 December 2024, 10:55:11 am

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  Endian 2.5.1 blocking Windows Update, Avast and Mozy
0 Members and 3 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Endian 2.5.1 blocking Windows Update, Avast and Mozy  (Read 24748 times)
BD
Jr. Member
*
Offline Offline

Posts: 4


« on: Saturday 01 September 2012, 04:53:13 am »

Before you start flaming me...  Yes, I've searched this forum, the squid forum and googled for answers and tried a number of edits to the squid.conf.tmpl file.

From the logs, it is definitely squid doing the blocking.  Example of log:

Aug 30 17:33:41 lab squid[9252]: 1346362421.438 0 192.168.4.13 TCP_DENIED/403 384  windowsupdate.microsoft.com - NONE/- text/html

I'm using "transparent proxy" and running dansguardian.  I've whitelisted all of the windows update sites in the content filtering.

I probably tried some others too.  Any help would be appreciated.

BD
Logged
BD
Jr. Member
*
Offline Offline

Posts: 4


« Reply #1 on: Tuesday 04 September 2012, 12:59:17 am »

No one else has this problem?

BD
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #2 on: Tuesday 04 September 2012, 02:07:49 am »

Lots of people have this problem.  I am actually researching windows update alternatives because of this.  It started in 2.51 and i have been researching it for months.
Logged
BD
Jr. Member
*
Offline Offline

Posts: 4


« Reply #3 on: Tuesday 04 September 2012, 02:30:33 am »

Can I just shutdown the proxy and use the firewall with domain names?

Like:

Allow port 80 dst microsoft.com?

Thanks

BD
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #4 on: Tuesday 04 September 2012, 06:45:00 am »

I am not sure.  I actually have a full 30+ user LAN behind my EFW so I can't risk shutting down the proxy as I use authentication and the content filter.  I found a work around for server 2003 and I am now testing for server 2008.  Some client machines running Windows 7 and XP I have found still get the updates but the servers would not work at all.  You would have to decide if you want to remove the proxy on your network.
Logged
BD
Jr. Member
*
Offline Offline

Posts: 4


« Reply #5 on: Tuesday 04 September 2012, 07:44:40 am »

I can run a mostly cut off network with only a few whitelist sites.  I'll just dump EFW and go iptables.  This is more trouble than it is worth.

BD
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #6 on: Tuesday 04 September 2012, 08:46:52 am »

You could use EFW 2.41 instead that did not have the problem.
Logged
mrkroket
Hero Member
*****
Offline Offline

Posts: 495


« Reply #7 on: Wednesday 05 September 2012, 08:55:44 am »

Try whitelistening .microsoft.com
Also check rules order, they are processed in order.
Logged
dda
Sr. Member
****
Offline Offline

Posts: 227


« Reply #8 on: Thursday 06 September 2012, 07:02:51 am »

Actually just yesterday Windows updates notified me of a new version which I installed and now the updates are working.  Microsoft seems to have tweaked the software.
Logged
endianupdate
Full Member
***
Offline Offline

Posts: 53


« Reply #9 on: Friday 21 September 2012, 01:18:03 am »

The way I do this is by having an access policy (Proxy > Http Access Policy) as follows;

Source type : zone (Green, Orange, Blue)
Destination type : domain (add domains one per line .microsoft.com & .windowsupdate.com - note must have the leading . for it to work with squid)
Access policy : allow access
Filter profile : none (to make sure that dansguardian is bypassed for this domain)
Position: first position

I use this policy as my *whitelist* as I block downloads of executables for all websites apart for the ones in my whitelist in another policy

Hope this helps.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.109 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com