Re: Squid 3.1.0.12 allowing MSN Messenger - 502

[Amos Jeffries <squid3@xxxxxxxxxxxxx>]

Daniel wrote:
> Ok, I was able to get it working this morning. Perhaps someone can update the ConfigExample for Chat to include Windows Live Messenger?? Would someone please explain why what I did worked? To be honest I just decided to give it a shot and since I do not understand the ACL's yet I am confused.
>
> All I did was add the following ACL:
> acl msn1 req_mime_type application/x-msn-messenger
>
> So I have two ACL's in regard to the mime type (and I question if I need the first one):
> acl msn1 req_mime_type ^application/x-msn-messenger$
> acl msn1 req_mime_type application/x-msn-messenger'
>
> Any ideas of why this worked / what I was doing wrong??

Probably nothing wrong. Thank you for finding this.

The ^ and $ mean there is expected to be absolutely no other text in the 
mime header. There have been numerous sightings now of mime types with 
advanced mime 'preferences' (aka q-values). Which break that pattern 
completely.

I suspect you only need the second line (without the ' if thats really 
in your config).

I have updated the example config to catch the wider possible types.


Amos

> -Daniel
>
> -----Original Message-----
> From: Amos Jeffries [mailto:squid3@xxxxxxxxxxxxx] 
> Sent: Monday, August 03, 2009 7:30 PM
> To: Daniel
> Cc: Squid-Users@xxxxxxxxxxxxxxx
> Subject: Re:  Squid 3.1.0.12 allowing MSN Messenger - 502
>
> On Mon, 3 Aug 2009 17:09:31 -0400, "Daniel" <Squid@xxxxxxxxxxxxx> wrote:
> > Ok, I have been banging my head against a few issues so I'll start with
> > this
> > one.
> >
> > I read on http://wiki.squid-cache.org/ConfigExamples/Chat where I can
> make
> > MSN Messenger work through Squid. I am trying to allow MSN Messenger
> (Live)
> > to work through Squid. I believe the issue is around this 502 error... I
> > don't know, completely stumped.
>
> MSN Messenger is not he same as MSN Messenger Live.
>
> They are very different programs with very different access needs despite
> sharing some of the network servers and being able to talk to each other.
>
> You can help both yourself and others by tracking down exactly what the
> program is trying to do. From my own brief brush with Live, I recall it
> doing some form or HTTPS or SSL encrypted link directly with the servers
> before it was allowed to have any web contact the proxy could relay.
>
> The best bet is to try to isolate the computer running Live and see what
> connections its making, how and to where.
>
> Amos
>
> > My Squid.conf is the following & the access.log error message:
> >
> > ================ BEGIN squid.conf BEGIN ================
> > acl manager proto cache_object
> > acl localhost src 127.0.0.1/32
> > acl to_localhost dst 127.0.0.0/8
> > acl TestPoolIPs src 10.211.213.135 10.211.212.40
> > acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
> > acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
> > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> > acl sclthdq01w src 10.211.194.187/32    # custom acl for apache/cache
> > manager
> > acl SSL_ports port 443
> > acl Safe_ports port 80          # http
> > acl Safe_ports port 21          # ftp
> > acl Safe_ports port 443         # https
> > acl Safe_ports port 70          # gopher
> > acl Safe_ports port 210         # wais
> > acl Safe_ports port 1025-65535  # unregistered ports
> > acl Safe_ports port 280         # http-mgmt
> > acl Safe_ports port 488         # gss-http
> > acl Safe_ports port 591         # filemaker
> > acl Safe_ports port 777         # multiling http
> > acl CONNECT method CONNECT
> > http_access allow manager localhost
> > http_access allow manager sclthdq01w
> > http_access deny manager
> > http_access deny !Safe_ports
> > http_access deny CONNECT !SSL_ports
> > #http_access allow localnet
> > http_access allow localhost
> > http_access allow TestPoolIPs
> >
> > # MSN Messenger
> > acl msn urlpath_regex -i /gateway/gateway.dll
> > acl msnd dstdomain messenger.msn.com gateway.messenger.hotmail.com
> > acl msn1 req_mime_type ^application/x-msn-messenger$
> > http_access allow msnd
> > http_access allow msn
> > http_access allow msn1
> >
> > http_access deny all
> > http_port 3128
> > hierarchy_stoplist cgi-bin ?
> > coredump_dir /usr/local/squid/var/cache
> > cache_mem 512 MB
> > refresh_pattern ^ftp:           1440    20%     10080
> > refresh_pattern ^gopher:        1440    0%      1440
> > refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> > refresh_pattern .               0       20%     4320
> > ================ END squid.conf END ================
> >
> > ================ BEGIN access.log snippet BEGIN ================
> > 1249333460.877    167 10.211.212.40 TCP_MISS/502 4074 POST
> > http://gateway.messenger.hotmail.com/gateway/gateway.dll? -
> > DIRECT/65.54.239.21 text/html
> > ================ END access.log snippet END ================
> >
> > I don't believe that this has anything to do with it now, but just as an
> > FYI
> > I tried to use another 'regex' command:
> > acl msn url_regex -i gateway.dll


--
Please be using
  Current Stable Squid 2.7.STABLE6 or 3.0.STABLE17
  Current Beta Squid 3.1.0.12