Hi Amos, ok, i have found the rule for it
acl DiscoverSNIHost at_step SslBump1 acl NoSSLIntercept ssl::server_name .microsoft.com ssl_bump peek DiscoverSNIHost ssl_bump splice NoSSLIntercept ssl_bump bump all but the thing is both windows updates and office activation use the exact same cert file . microsoft.com/pkiops/certs/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crt im stuck or if i can get squid to block windows updates altogether? Thanks, Rob On Sat, 11 Jan 2020, 01:40 Amos Jeffries, <squ...@treenet.co.nz> wrote: > On 11/01/20 11:46 am, robert k Wild wrote: > > hi all, > > > > i have added all these lines to my squid config as it wasnt allowing > > office activation > > > > https://wiki.squid-cache.org/SquidFaq/WindowsUpdate > > > > but now its allowing office activation and now windows updates but i > > dont want it to do windows updates as this is managed by our WSUS server > > > > That would be right then. As the wiki page name indicates that config is > all about allowing WindowsUpdate. > > > > what are the corect lines to just do the office activation > > > > This is a strong indication you still do not understand how ACLs work. > > So your reference points are: > <https://wiki.squid-cache.org/SquidFaq/SquidAcl> > and > <http://www.squid-cache.org/Doc/config/acl/> > > > > as when i comment out all the lines i get this > > > > 0 - TCP_DENIED/403 3810 GET > > > http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crt > > > > That then is the first URL you need to let clients access. > > Once that is accessible the activation process will get further and > there may be others. When you know the whole set there may be some > optimizations your rules can use to simplify the final config. > > > Amos > _______________________________________________ > squid-users mailing list > squid-users@lists.squid-cache.org > http://lists.squid-cache.org/listinfo/squid-users >
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
