Re: [squid-users] Squid 3.1.0.12 allowing MSN Messenger - 502

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 05 Aug 2009 00:51:59 +1200

Daniel wrote:
> Ok, I was able to get it working this morning. Perhaps someone can update the ConfigExample for Chat to include Windows Live Messenger?? Would someone please explain why what I did worked? To be honest I just decided to give it a shot and since I do not understand the ACLs yet I am confused.
>
> All I did was add the following ACL:
> acl msn1 req_mime_type application/x-msn-messenger
>
> So I have two ACLs in regard to the mime type (and I question if I need the first one):
> acl msn1 req_mime_type ^application/x-msn-messenger$
> acl msn1 req_mime_type application/x-msn-messenger'
>
> Any ideas of why this worked / what I was doing wrong??

Probably nothing wrong. Thank you for finding this.

The ^ and $ mean there is expected to be absolutely no other text in the
mime header. There have been numerous sightings now of mime types with
advanced mime 'preferences' (aka q-values), which break that pattern
completely.

I suspect you only need the second line (without the ' if that's really
in your config).

I have updated the example config to catch the wider possible types.

Amos

>
> -Daniel
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
> Sent: Monday, August 03, 2009 7:30 PM
> To: Daniel
> Cc: Squid-Users_at_Squid-Cache.org
> Subject: Re: [squid-users] Squid 3.1.0.12 allowing MSN Messenger - 502
>
> On Mon, 3 Aug 2009 17:09:31 -0400, "Daniel" <Squid_at_ZoomEmail.com> wrote:
>> Ok, I have been banging my head against a few issues so I'll start with
>> this one.
>>
>> I read on http://wiki.squid-cache.org/ConfigExamples/Chat where I can
>> make MSN Messenger work through Squid. I am trying to allow MSN Messenger
>> (Live) to work through Squid. I believe the issue is around this 502
>> error... I don't know, completely stumped.
>
> MSN Messenger is not the same as MSN Messenger Live.
>
> They are very different programs with very different access needs despite
> sharing some of the network servers and being able to talk to each other.
>
> You can help both yourself and others by tracking down exactly what the
> program is trying to do. From my own brief brush with Live, I recall it
> doing some form of HTTPS or SSL encrypted link directly with the servers
> before it was allowed to have any web contact the proxy could relay.
>
> The best bet is to try to isolate the computer running Live and see what
> connections it's making, how and to where.
>
> Amos
>
>> My Squid.conf is the following & the access.log error message:
>>
>> ================ BEGIN squid.conf BEGIN ================
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/32
>> acl to_localhost dst 127.0.0.0/8
>> acl TestPoolIPs src 10.211.213.135 10.211.212.40
>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
>> acl sclthdq01w src 10.211.194.187/32 # custom acl for apache/cache manager
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>> http_access allow manager localhost
>> http_access allow manager sclthdq01w
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>> #http_access allow localnet
>> http_access allow localhost
>> http_access allow TestPoolIPs
>>
>> # MSN Messenger
>> acl msn urlpath_regex -i /gateway/gateway.dll
>> acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
>> acl msn1 req_mime_type ^application/x-msn-messenger$
>> http_access allow msnd
>> http_access allow msn
>> http_access allow msn1
>>
>> http_access deny all
>> http_port 3128
>> hierarchy_stoplist cgi-bin ?
>> coredump_dir /usr/local/squid/var/cache
>> cache_mem 512 MB
>> refresh_pattern ^ftp: 1440 20% 10080
>> refresh_pattern ^gopher: 1440 0% 1440
>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
>> refresh_pattern . 0 20% 4320
>> ================ END squid.conf END ================
>>
>> ================ BEGIN access.log snippet BEGIN ================
>> 1249333460.877 167 10.211.212.40 TCP_MISS/502 4074 POST http://gateway.messenger.hotmail.com/gateway/gateway.dll? - DIRECT/65.54.239.21 text/html
>> ================ END access.log snippet END ================
>>
>> I don't believe that this has anything to do with it now, but just as an
>> FYI I tried to use another 'regex' command:
>> acl msn url_regex -i gateway.dll
>

-- 
Please be using
   Current Stable Squid 2.7.STABLE6 or 3.0.STABLE17
   Current Beta Squid 3.1.0.12
Received on Tue Aug 04 2009 - 12:52:15 MDT
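
Added example, not part of the original message or of Squid's own code: it runs the two `req_mime_type` patterns from the thread over constructed Content-Type values to show why the anchored form stops matching once parameters are appended, and what the unanchored form additionally lets through. Python's `re.search` stands in for Squid's regex matching (an assumption that holds for patterns this simple), and the `type_plus_params` pattern is a hypothetical middle ground, not the pattern from the updated wiki example.

```python
import re

# Patterns as they would follow "acl msn1 req_mime_type" in squid.conf.
PATTERNS = {
    # Original ACL from the thread: nothing may precede or follow the type.
    "anchored": r"^application/x-msn-messenger$",
    # The ACL that made it work: matches the type anywhere in the header.
    "unanchored": r"application/x-msn-messenger",
    # Hypothetical alternative: exact type, optionally followed by ;parameters.
    "type_plus_params": r"^application/x-msn-messenger[ \t]*(;.*)?$",
}

# Constructed Content-Type header values (not captured from a real client).
SAMPLES = [
    "application/x-msn-messenger",
    "application/x-msn-messenger; charset=UTF-8",
    "application/x-msn-messenger;q=0.9",
    "application/x-msn-messenger-v2",   # a different type sharing the prefix
    "text/html",
]


def acl_matches(pattern, content_type):
    """True if the pattern is found in the header value (search, not full match)."""
    return re.search(pattern, content_type) is not None


def evaluate(samples=SAMPLES, patterns=PATTERNS):
    """Map each pattern name to the list of sample headers it accepts."""
    return {
        name: [s for s in samples if acl_matches(rx, s)]
        for name, rx in patterns.items()
    }


if __name__ == "__main__":
    results = evaluate()
    for sample in SAMPLES:
        row = "  ".join(
            f"{name}={'Y' if sample in hits else 'n'}"
            for name, hits in results.items()
        )
        print(f"{sample!r:50} {row}")
```
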
