Hello everybody At our school we are using squid 2.7 stable on a Debian Lenny machine. Users are authenticated via an Active Directory. Users without Authentication are denied Internet access. Unfortunately we have some Windows Desktops, which are trying to pull their updates, without using the Credentials of the users Domain-Logon. These updates were consequently denied. Therefore we wanted to add exceptions to always allow connections to the Microsoft update sites. This is how I tried to implement this, by putting the following lines at the top of our squid.conf: acl windowsupdate dstdomain .microsoft.com acl windowsupdate dstdomain download.windowsupdate.com acl windowsupdate dstdomain wustat.windows.com acl windowsupdate2 dst 89.202.157.135 acl windowsupdate2 dst 89.202.157.136 acl windowsupdate2 dst 89.202.157.137 acl windowsupdate2 dst 89.202.157.138 acl windowsupdate2 dst 89.202.157.139 acl windowsupdate dstdomain .eset.com acl windowsupdate dstdomain microsoftwga.112.207.net acl windowsupdate dstdomain .msft.net acl CONNECT method CONNECT acl wuCONNECT dstdomain www.update.microsoft.com acl wuCONNECT dstdomain sls.microsoft.com acl localnet src 172.16.0.0/12 acl localhost src 127.0.0.1/32 http_access allow CONNECT wuCONNECT localnet http_access allow CONNECT wuCONNECT localhost http_reply_access allow CONNECT wuCONNECT localnet http_reply_access allow CONNECT wuCONNECT localhost http_access allow windowsupdate localnet http_access allow windowsupdate localhost http_reply_access allow windowsupdate localnet http_reply_access allow windowsupdate localhost Unfortunately its not working. It would be great, if anybody had some hints why this is not working, or if anybody has a working configuration himself. Any help is appreciated. Thank you very much Benedikt
