
squid + Office365 + Trend Micro


Hello,

I've successfully set up a Debian squid + squidguard proxy server using
Kerberos to a WIN2008 domain.
Everything works as expected, except whatever I do I can't get this
exception to work for our office365 environment and our Trend Micro AV
(cloud with agents).

You can check my /squid.conf/ in my signature.

/my_acl_definitions.conf/ has
*acl direct dstdomain /etc/squid3/conf.d/domains*

/my_access.conf/ has
*http_access allow auth all
http_access allow !auth direct
http_access deny all*

/domains/ has
*.live.com
.lync.com
.glbdns.microsoft.com 
.microsoft.com
.microsoftonline.com
.microsoftonline-p.net
.microsoftonline-p.com
.microsoftonlineimages.com
.microsoftonlinesupport.net
.msn.com
.msn.co.jp
.msn.co.uk
.msecnd.net
.msocdn.com
.office.net
.office365.com
.officeapps.live.com
.outlook.com
.sharepoint.com
.sharepointonline.com
.activedirectory.windowsazure.com
.phonefactor.net
.aadrm.com
.trendmicro.com
.outlook.com*

/access.log/
*1392112172.984      0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.988      0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.990      0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112172.993      0 10.10.10.58 TCP_DENIED/407 4129 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112173.244      0 10.10.10.58 TCP_DENIED/407 4150 GET
http://office.microsoft.com/client/15/templates/start? - NONE/- text/html
1392112526.808      0 10.10.10.58 TCP_DENIED/407 4148 GET
http://office.microsoft.com/client/15/templates/start? - NONE/- text/html
1392112526.841      0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.843      0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.846      0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.849      0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.852      0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
1392112526.855      0 10.10.10.58 TCP_DENIED/407 4128 OPTIONS
http://office.microsoft.com/client/15/templates/ - NONE/- text/html
*

This only occurs when a client with Office 2012 connects to Office365.
(login prompt)

*1392112407.358      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.362      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.366      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.370      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.373      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.915      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.917      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.921      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.925      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.930      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392112407.933      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html
1392113039.469      0 10.10.10.58 TCP_DENIED/407 3606 CONNECT
odc.officeapps.live.com:443 - NONE/- text/html*

Trend Micro alerts (client agent can scan and update but status is shown
red...)

*1392020956.008      1 10.10.10.222 TCP_DENIED/407 3956 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.010      1 10.10.10.222 TCP_DENIED/407 3951 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.022      1 10.10.10.222 TCP_DENIED/407 3956 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.024      1 10.10.10.222 TCP_DENIED/407 3953 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020956.026      0 10.10.10.222 TCP_DENIED/407 3931 CONNECT
wfbssvc51.icrc.trendmicro.com:443 - NONE/- text/html
1392020975.692      0 10.10.10.222 TCP_DENIED/407 4382 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392020975.693      0 10.10.10.222 TCP_DENIED/407 4529 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392020975.706      1 10.10.10.222 TCP_DENIED/407 4382 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392020975.708      0 10.10.10.222 TCP_DENIED/407 4527 GET
http://wfbs-svc50-en.url.trendmicro.com/T/128/zNEsOn1a_kd_RI6YGnho8iCUPl3r418cAiHfhXRAQAAmhIJ9cIhl0psS9zNeKVWtmMBWkaswp8PLJPrURUYLUXPmRd9D3j2cDnR59QHDXqUKpcLar8P7YX-OFkV3vihW
- NONE/- text/html
1392021040.654      0 10.10.10.39 TCP_DENIED/407 3642 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021040.656      0 10.10.10.39 TCP_DENIED/407 3642 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021040.664      0 10.10.10.39 TCP_DENIED/407 3777 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021040.667      0 10.10.10.39 TCP_DENIED/407 3777 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021040.670      0 10.10.10.39 TCP_DENIED/407 3777 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021059.460      0 10.10.10.222 TCP_DENIED/407 3643 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021059.462      0 10.10.10.222 TCP_DENIED/407 3643 CONNECT
wfbs-svc-emea-aal.trendmicro.com:443 - NONE/- text/html
1392021059.465      0 10.10.10.222 TCP_DENIED/407 3704 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html
1392021059.467      0 10.10.10.222 TCP_DENIED/407 3704 GET
http://wfbs-svc-emea-aal.trendmicro.com/ - NONE/- text/html*

Thank you for your time!

Stanny




-----
squid.conf 
--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-Office365-Trend-Micro-tp4664707.html
Sent from the Squid - Users mailing list archive at Nabble.com.
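
Added example, not part of the original post: Squid checks http_access lines top to bottom and stops at the first match, so a line that tests an authentication ACL ahead of the exception answers 407 before the exception is ever reached, which is what the log excerpts above show. The ACL names and the file path are the ones from the post; that auth is a proxy_auth ACL defined in the squid.conf (not reproduced on this page) is an assumption.

```conf
# --- my_acl_definitions.conf ---
# "direct" is the ACL name used in the post. Squid reads the list from a file
# only when the path is in double quotes; an unquoted path is taken as a
# literal domain value.
acl direct dstdomain "/etc/squid3/conf.d/domains"

# --- my_access.conf, order as posted (kept as comments for comparison) ---
# http_access allow auth all      # tested first: no credentials yet -> 407
# http_access allow !auth direct  # "!auth" must evaluate auth as well -> 407
# http_access deny all

# --- my_access.conf, reordered ---
# The unauthenticated exception comes before any line that tests "auth"
# (assumed here to be a proxy_auth ACL from the main squid.conf).
http_access allow direct
http_access allow auth
http_access deny all
```

Every host under the listed suffixes becomes reachable without credentials, so the domains file should stay as narrow as the Office 365 and Trend Micro clients allow. The syntax can be checked with the -k parse option before reloading.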



