|
Title: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: BD on Saturday 01 September 2012, 04:53:13 am Before you start flaming me... Yes, I've searched this forum, the squid forum and googled for answers and tried a number of edits to the squid.conf.tmpl file.
From the logs, it is definitely squid doing the blocking. Example of log: Aug 30 17:33:41 lab squid[9252]: 1346362421.438 0 192.168.4.13 TCP_DENIED/403 384 windowsupdate.microsoft.com - NONE/- text/html I'm using "transparent proxy" and running dansguardian. I've whitelisted all of the windows update sites in the content filtering. I probably tried some others too. Any help would be appreciated. BD Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: BD on Tuesday 04 September 2012, 12:59:17 am No one else has this problem?
BD Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: dda on Tuesday 04 September 2012, 02:07:49 am Lots of people have this problem. I am actually researching windows update alternatives because of this. It started in 2.51 and i have been researching it for months.
Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: BD on Tuesday 04 September 2012, 02:30:33 am Can I just shutdown the proxy and use the firewall with domain names?
Like: Allow port 80 dst microsoft.com? Thanks BD Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: dda on Tuesday 04 September 2012, 06:45:00 am I am not sure. I actually have a full 30+ user LAN behind my EFW so I can't risk shutting down the proxy as I use authentication and the content filter. I found a work around for server 2003 and I am now testing for server 2008. Some client machines running Windows 7 and XP I have found still get the updates but the servers would not work at all. You would have to decide if you want to remove the proxy on your network.
Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: BD on Tuesday 04 September 2012, 07:44:40 am I can run a mostly cut off network with only a few whitelist sites. I'll just dump EFW and go iptables. This is more trouble than it is worth.
BD Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: dda on Tuesday 04 September 2012, 08:46:52 am You could use EFW 2.41 instead that did not have the problem.
Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: mrkroket on Wednesday 05 September 2012, 08:55:44 am Try whitelistening .microsoft.com
Also check rules order, they are processed in order. Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: dda on Thursday 06 September 2012, 07:02:51 am Actually just yesterday Windows updates notified me of a new version which I installed and now the updates are working. Microsoft seems to have tweaked the software.
Title: Re: Endian 2.5.1 blocking Windows Update, Avast and Mozy Post by: endianupdate on Friday 21 September 2012, 01:18:03 am The way I do this is by having an access policy (Proxy > Http Access Policy) as follows;
Source type : zone (Green, Orange, Blue) Destination type : domain (add domains one per line .microsoft.com & .windowsupdate.com - note must have the leading . for it to work with squid) Access policy : allow access Filter profile : none (to make sure that dansguardian is bypassed for this domain) Position: first position I use this policy as my *whitelist* as I block downloads of executables for all websites apart for the ones in my whitelist in another policy Hope this helps. |