On 23/03/2017 2:44 a.m., Heiler Bemerguy wrote: > > Hi dude, > > I've noticed our users are being blocked by a rule which prevents > CONNECTs to IP addresses instead of FQDN. > > What puzzles me is WHY skype is trying to connect to IPs even after > connecting to FQDNs.. ? Have anyone noticed this? Any workaround apart > from whitelisting Microsoft IPs...... ??? This has always been the case. Skype was originally a P2P application, since end users normally do not have custom reverse-DNS entries for personal domain names (and Skype no easy way to reliably find out even if they do) those usually auto-negotiates its data connections using raw-IP to bust their way through NAT breakages, then uses the results. The domain name part at the beginning is a much more recent addition by MS to use their generic live.co autenticaion APIs, and not actually a part unique to Skype itself. That is why the wiki config example combines a regex ACL for matching raw-IP values in the URL, and the User-Agent header detection. Amos _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
