Search squid archive

Re: Windows Messenger through Squid

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----Original Message-----
From: Amos Jeffries <squid3@xxxxxxxxxxxxx>
To: squid-users <squid-users@xxxxxxxxxxxxxxx>
Sent: Thu, Nov 4, 2010 11:33 pm
Subject: Re:  Windows Messenger through Squid


On 05/11/10 02:19, gsandorx@xxxxxxx wrote:
> Hi,
>
> I'm trying to setup a Squid server (Centos 5.5, Squid 2.6-STABLE21,
> x64) to help my users to connect to Windows Live (as well as to
provide
> navigation). They _must_ use Windows Messenger (4.x, 5.x - the ones
> shipped by default with Windows XP).
> The Windows Messenger app login successfully (if you enter a wrong
> username/passw combination it refuses to connect) but cannot complete
> the sign in process, displaying (almost indefinitely "Singing in...").
> Looking in access.log, I only see:
>
> 1288735315.171 6858 172.22.8.202 TCP_MISS/200 8272 CONNECT
> login.live.com:443 - DIRECT/65.54.186.17 -
>
> And then (many times, actually!):
>
> 1288735321.511 2048 172.22.8.202 TCP_MISS/200 1539 POST
> http://64.4.44.76/gateway/gateway.dll? - DIRECT/64.4.44.76
> application/x-msn-messenger
>
> I tried using Windows Live Messenger (2009) and it worked perfectly. I
> even tried using an ISA Server 2006 with Windows Messenger (5.x) and
it
> worked as well. I don't have yet any special/tricky ACL, only
> "http_access allow all" to avoid confusions.
>
> Does anybody has a similar setup (squid + windows messenger) ? Any
help
> is appreciated.
>

 Do you have "balance_on_multiple_ip" set to off? It needs to be


The problems may be this:
  security keys validation sent via CONNECT ... DIRECT/65.54.186.17
  login actually performed via POST to ... DIRECT/64.4.44.76

An edcated guess is that the Live software uses HTTP/1.1 and persistent
connections.

Why do you have this strict MUST requirement on using very old versions?
  Part of the problem may also be that the Live servers refuse login
from old releases with known remote-access security vulnerabilities.

Amos
--
Please be using
   Current Stable Squid 2.7.STABLE9 or 3.1.9
   Beta testers wanted for 3.2.0.2

----------------

I've been even trying using Squid 3.2.0.2, which I manually compiled.
As you know, Squid 3.2.0.2 has better support for HTTP/1.1 (I thought
it was something related with that, as Squid 2.6STABLE21 uses
HTTP/1.0). Now, with the sniffer I see HTTP/1.1 responses from Live
servers through Squid (when with Squid < 3.2 I was getting HTTP/1.0
responses). Furthermore, balance_on_multiple_ip is off by default in
3.2. Nothing changed.

I have to use this old software as I have _many_ users with this
software already installed, and upgrading would be a pain right now.

I don't think the problem is that Live servers are refusing to login
old releases. I was able to login in from the same clients using direct
connection and through an ISA server 2006 ....  :(

Thanks!





[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux