We are using SQUID 2.7 STABLE8 on a Windows 2008 box, it is working except when
a user tries to access Microsoft Lync 2013 they get a password prompt.
I've searched the web and spent countless hours on this with no luck, anyone
able to shed some light?
When i start my Microsoft Lync 2013 client, on access.log I see the following
hit when the proxy dialog box shows up within the Lync application.
1412717278.341 516 172.16.12.110 TCP_MISS/200 11695 CONNECT
login.microsoftonline.com:443 - DIRECT/65.52.244.66 -
Here is my squid.conf file:
I've tried to add all of the published URLs and IPs that Microsoft lists for
Office 365 and related products, but I still have no luck.. anyone able to
assist?
# Port on which Squid will lisen onhttp_port 8080
# Authenticationauth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
--helper-protocol=squid-2.5-ntlmsspauth_param ntlm children 5auth_param ntlm
keep_alive onauth_param basic program c:/squid/libexec/mswin_ntlm_auth.exe
--helper-protocol=squid-2.5-basicauth_param basic children 5auth_param basic
realm Proxy Serverauth_param basic credentialsttl 2 hoursauth_param basic
casesensitive offauthenticate_cache_garbage_interval 10 seconds
# Squid Defaultsacl all src allacl manager proto cache_objectacl localhost src
127.0.0.1
# Class C Internal Subnet - Defaultsacl localnet src 10.0.0.0/8acl localnet src
172.16.0.0/12acl localnet src 192.168.0.0/16
# ACLs# for destination machineacl lan_dst dst 172.16.0.0/16# for source
machineacl lan_src src 172.16.0.0/16# for destination domainacl lan_domain
dstdomain .contoso.com
# SSL Portsacl SSL_ports port 443 8180 8443 563 1494 2598 8531
# Standard Portsacl Safe_ports port 80
# httpacl Safe_ports port 81 # http for Pacific
Brokerageacl Safe_ports port 21 #
ftpacl Safe_ports port 443 563 # httpacl
Safe_ports port 70 # gopheracl
Safe_ports port 210 # waisacl
Safe_ports port 280 # http-mgmtacl
Safe_ports port 488 # gss-httpacl
Safe_ports port 591 #
filemakeracl Safe_ports port 777 #
multiling httpacl Safe_ports port 8080 8081 8082 8088 8180acl Safe_ports port
3128 # Squid http serveracl Safe_ports port 1494
2598 # ICA - Citrixacl Safe_ports port 7000 8000
# Oracleacl Safe_ports port 9000 #
Oracleacl Safe_ports port 8530 # WSUSacl
Safe_ports port 55905 # WSUSacl Safe_ports port
1025-65535 # unregistered ports
external_acl_type AD_group %LOGIN c:/squid/libexec/mswin_check_ad_group.exe
-Gacl AuthorizedUsers proxy_auth REQUIRED
# ACL - Microsoftacl msdomains dstdomain .windowsupdate.com acl msdomains
dstdomain .microsoft.comacl msdomains dstdomain .windows.comacl msdomains
dstdomain .live.comacl msdomains dstdomain .msecnd.netacl msdomains dstdomain
.microsoftonline.comacl msdomains dstdomain .office365.comacl msdomains
dstdomain .lync.comacl msdomains dstdomain .office.comacl msdomains dstdomain
.onmicrosoft.comacl msdomains dstdomain .microsoftonline-p.comacl msdomains
dstdomain .microsoftonline-p.netacl msdomains dstdomain
.microsoftonlineimages.comacl msdomains dstdomain
.microsoftonlinesupport.netacl msdomains dstdomain .msocdn.comacl msdomains
dstdomain .msn.comacl msdomains dstdomain .msn.co.jpacl msdomains dstdomain
.msn.co.ukacl msdomains dstdomain .office.netacl msdomains dstdomain
.aadrm.comacl msdomains dstdomain .cloudapp.netacl msdomains dstdomain
.windowsazure.comacl msdomains dstdomain .phonefactor.netacl msdomains
dstdomain .symcb.com
# ACL - SSL Providersacl registars dstdomain .verisign.comacl registars
dstdomain .godaddy.com
# LYNCacl lync2013 dst 65.54.54.128/25acl lync2013 dst 65.55.121.128/27acl
lync2013 dst 65.55.127.0/24acl lync2013 dst 111.221.17.128/27acl lync2013 dst
111.221.22.64/26acl lync2013 dst 111.221.76.96/27acl lync2013 dst
111.221.76.128/25acl lync2013 dst 111.221.77.0/26acl lync2013 dst
134.170.0.0/25acl lync2013 dst 157.55.40.128/25acl lync2013 dst
157.55.46.0/27acl lync2013 dst 157.55.46.64/26acl lync2013 dst
157.55.104.96/27acl lync2013 dst 157.55.229.128/27acl lync2013 dst
157.55.232.128/26acl lync2013 dst 157.55.238.0/25acl lync2013 dst
207.46.5.0/24acl lync2013 dst 207.46.7.128/27acl lync2013 dst 207.46.57.0/25
# OFFICE 365 PORTAL AND IDENTITYacl 365portal dst 23.96.208.238acl 365portal
dst 23.97.64.252acl 365portal dst 23.97.68.113acl 365portal dst 23.97.70.147acl
365portal dst 23.97.72.158acl 365portal dst 23.97.72.161acl 365portal dst
23.97.72.165acl 365portal dst 23.97.98.128acl 365portal dst 23.97.99.4acl
365portal dst 23.97.99.164acl 365portal dst 23.97.100.76acl 365portal dst
23.97.100.92acl 365portal dst 23.97.100.105acl 365portal dst 23.97.100.152acl
365portal dst 23.97.102.90acl 365portal dst 23.97.148.36acl 365portal dst
23.97.148.228acl 365portal dst 23.98.66.168acl 365portal dst 23.98.69.116acl
365portal dst 23.98.70.90acl 365portal dst 23.99.129.26acl 365portal dst
23.99.129.173acl 365portal dst 23.99.194.77acl 365portal dst 23.99.196.232acl
365portal dst 23.99.226.167acl 365portal dst 23.99.227.124acl 365portal dst
23.102.64.16acl 365portal dst 23.102.64.255acl 365portal dst 23.102.65.171acl
365portal dst 23.102.65.203acl 365portal dst 23.102.65.221acl 365portal dst
65.52.64.61acl 365portal dst 65.52.64.230acl 365portal dst 65.52.136.224acl
365portal dst 65.52.144.125acl 365portal dst 65.52.148.27acl 365portal dst
65.52.184.75acl 365portal dst 65.52.196.64acl 365portal dst 65.52.228.75acl
365portal dst 65.52.228.100acl 365portal dst 65.52.236.160acl 365portal dst
65.52.244.66acl 365portal dst 65.54.54.32/27acl 365portal dst 65.54.55.201acl
365portal dst 65.54.74.0/23acl 365portal dst 65.54.80.0/20acl 365portal dst
65.54.165.0/25acl 365portal dst 65.55.86.0/23acl 365portal dst
65.55.233.0/27acl 365portal dst 65.55.239.168acl 365portal dst 70.37.56.152acl
365portal dst 70.37.97.234acl 365portal dst 70.37.128.0/23acl 365portal dst
70.37.142.0/23acl 365portal dst 70.37.150.128/25acl 365portal dst
70.37.159.0/24acl 365portal dst 70.37.160.72acl 365portal dst 70.37.160.202acl
365portal dst 94.245.68.0/22acl 365portal dst 94.245.82.0/23acl 365portal dst
94.245.84.0/24acl 365portal dst 94.245.86.0/24acl 365portal dst
94.245.88.223acl 365portal dst 94.245.88.194acl 365portal dst 94.245.117.53acl
365portal dst 94.245.108.85acl 365portal dst 111.221.16.0/21acl 365portal dst
111.221.24.0/21acl 365portal dst 111.221.70.0/25acl 365portal dst
111.221.71.0/25acl 365portal dst 111.221.111.196acl 365portal dst
111.221.127.112/28acl 365portal dst 132.245.0.0/16acl 365portal dst
134.170.0.0/16acl 365portal dst 137.135.47.6acl 365portal dst 137.135.47.4acl
365portal dst 137.135.47.28acl 365portal dst 137.116.32.43acl 365portal dst
137.116.32.61acl 365portal dst 137.116.48.66acl 365portal dst 137.116.48.69acl
365portal dst 137.116.64.162acl 365portal dst 137.116.129.62/32acl 365portal
dst 137.117.99.175acl 365portal dst 137.117.103.21acl 365portal dst
137.135.41.12/32acl 365portal dst 137.135.42.195/32acl 365portal dst
137.135.43.100/32acl 365portal dst 137.135.44.5/32acl 365portal dst
137.135.44.73/32acl 365portal dst 137.135.48.128/32acl 365portal dst
138.91.17.43acl 365portal dst 138.91.17.108acl 365portal dst 138.91.18.52acl
365portal dst 138.91.2.208acl 365portal dst 138.91.2.210acl 365portal dst
138.91.2.212acl 365portal dst 157.55.45.128/25acl 365portal dst
157.55.59.128/25acl 365portal dst 157.55.80.175acl 365portal dst
157.55.80.182acl 365portal dst 157.55.84.13/32acl 365portal dst
157.55.84.19/32acl 365portal dst 157.55.84.80/32acl 365portal dst
157.55.84.237/32acl 365portal dst 157.55.130.0/25acl 365portal dst
157.55.145.0/25acl 365portal dst 157.55.155.0/25acl 365portal dst
157.55.168.18acl 365portal dst 157.55.176.63acl 365portal dst 157.55.185.100acl
365portal dst 157.55.194.46acl 365portal dst 157.55.208.198acl 365portal dst
157.55.227.192/26acl 365portal dst 157.55.252.101acl 365portal dst
157.56.0.0/16acl 365portal dst 168.61.33.178/32acl 365portal dst
168.61.35.252/32acl 365portal dst 168.61.36.121acl 365portal dst
168.61.37.63/32acl 365portal dst 168.61.38.105acl 365portal dst
168.61.39.14/32acl 365portal dst 168.61.82.81/32acl 365portal dst
168.61.83.48/32acl 365portal dst 168.61.85.180/32acl 365portal dst
168.61.85.193/32acl 365portal dst 168.61.144.76acl 365portal dst
168.61.208.197acl 365portal dst 168.62.4.28acl 365portal dst 168.62.11.24acl
365portal dst 168.62.11.117acl 365portal dst 168.62.16.112acl 365portal dst
168.62.16.140acl 365portal dst 168.62.16.149acl 365portal dst 168.62.24.104acl
365portal dst 168.62.24.114acl 365portal dst 168.62.24.150acl 365portal dst
168.62.41.25acl 365portal dst 168.62.42.89acl 365portal dst 168.62.52.198acl
365portal dst 168.62.52.203acl 365portal dst 168.62.60.71acl 365portal dst
168.62.60.80acl 365portal dst 168.62.104.146acl 365portal dst 168.62.176.34acl
365portal dst 168.62.179.4acl 365portal dst 168.62.180.151acl 365portal dst
168.63.16.66/32acl 365portal dst 168.63.16.112/32acl 365portal dst
168.63.16.114/32acl 365portal dst 168.63.16.141acl 365portal dst
168.63.17.221/32acl 365portal dst 168.63.25.227acl 365portal dst 168.63.27.2acl
365portal dst 168.63.166.200acl 365portal dst 168.63.165.67acl 365portal dst
168.63.164.177acl 365portal dst 168.63.208.73/32acl 365portal dst
168.63.213.203/32acl 365portal dst 168.63.214.35/32acl 365portal dst
168.63.216.117/32acl 365portal dst 168.63.250.173/32acl 365portal dst
168.63.252.39/32acl 365portal dst 168.63.252.71/32acl 365portal dst
191.232.2.128/25acl 365portal dst 191.233.32.111acl 365portal dst
191.233.32.201acl 365portal dst 191.234.6.0/24acl 365portal dst
191.235.135.139acl 365portal dst 191.235.135.222acl 365portal dst
191.236.192.179acl 365portal dst 191.237.128.159acl 365portal dst
191.238.80.160acl 365portal dst 191.238.81.69acl 365portal dst
191.238.83.220acl 365portal dst 207.46.57.128/25acl 365portal dst
207.46.70.0/24acl 365portal dst 207.46.73.250acl 365portal dst
207.46.198.0/25acl 365portal dst 207.46.206.0/23acl 365portal dst
207.46.216.54acl 365portal dst 213.199.128.58acl 365portal dst
213.199.128.91acl 365portal dst 213.199.148.0/23acl 365portal dst
213.199.182.128/25
# OFFICE ONLINEacl office365 dst 134.170.27.64/26acl office365 dst
134.170.48.0/26acl office365 dst 134.170.65.64/26acl office365 dst
134.170.128.192/26acl office365 dst 134.170.170.64/26acl office365 dst
191.232.2.64/26
acl dropbox dstdomain .dropbox.comacl icloud dstdomain .icloud.com
# Squid Cacheacl PURGE method PURGE
http_access deny manager !localhosthttp_access allow PURGE localhosthttp_access
deny PURGE
# The method ACL type allows you to restrict access based on the request HTTP
method, i.e. GET (used for downloading), POST (used for uploading) and CONNECT
(used for SSL data transfers)# It is very important that you stop CONNECT type
requests to non-SSL ports. The CONNECT method allows data transfer in any
direction at any time, regardless of the transport protocol used.acl CONNECT
method CONNECThttp_access deny CONNECT !SSL_ports
# Deny access to all ports except the ones definedhttp_access deny !Safe_ports#
This blocks attempts to request http://localhost on the proxy server via the
proxy. http_access deny localhost# Deny caching for everyone so that there is
not caching at allcache deny all
http_access allow msdomainshttp_access allow lync2013http_access allow
365portalhttp_access allow office365http_access allow registarshttp_access
allow dropboxhttp_access allow icloud
http_access allow CONNECT msdomainshttp_access allow CONNECT
lync2013http_access allow CONNECT 365portalhttp_access allow CONNECT
office365http_access allow CONNECT registarshttp_access allow CONNECT
dropboxhttp_access allow CONNECT icloud
# Deny access to proxy to everyone except Authorized Users group in
ADhttp_access deny !AuthorizedUsers
# Disable cachingalways_direct allow msdomains allalways_direct allow registars
allalways_direct allow lync2013 allalways_direct allow 365portal
allalways_direct allow office365 all
# Allow direct connection if the destination machine is on LANalways_direct
allow lan_dst# Allow http access from machines on LANhttp_access allow lan_src#
Default denyhttp_access deny allhttp_reply_access allow allicp_access allow all
# Squid should not check with neighbours'/parents' cache and should go to
target web-server.hierarchy_stoplist cgi-bin ?
# Loggingcache_dir ufs c:/squid/var/cache 100 16 256access_log
c:/squid/var/logs/access.log squidcache_log
c:/squid/var/logs/cache.logcache_store_log nonelogfile_rotate 4log_ip_on_direct
ondebug_options ALL,1log_fqdn off
# SquidGuardredirect_program c:/squidguard/squidguard.exe -c
c:/squidguard/conf/squidguard.confredirect_children 5
# Cachingcache_mgr ittechs@oppy.comrefresh_pattern ^ftp: 1440
20% 10080refresh_pattern ^gopher: 1440 0% 1440refresh_pattern -i
(/cgi-bin/|\?) 0 0% 0refresh_pattern . 0 20% 4320
# Dont cache these pagesacl DYNAMIC_CONTENT urlpath_regex cgi-bin \.cgi \.pl
\.php3 \.asp \.phpno_cache deny DYNAMIC_CONTENT
# Other stuff?acl shoutcast rep_header X-HTTP09-First-Line
^ICY.[0-9]upgrade_http0.9 deny shoutcastacl apache rep_header Server
^Apachebroken_vary_encoding allow apacheerror_directory
c:/squid/share/errors/English
# Various features turned off.snmp_port 0icp_port 0htcp_port 0
coredump_dir c:/squid/var/cachepid_filename c:/squid/var/squid.pidmime_table
c:/squid/etc/mime.confunlinkd_program c:/squid/libexec/unlinkd.exe
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users
