+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 25
Internet Related/Filtering/Firewall Thread, Squid/dansguardian Redirecting to Office Download Page in Technical; We seem to have a problem with squid or dansguardian whereby if it cannot connect to a page it automatically ...
  1. #1

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345

    Squid/dansguardian Redirecting to Office Download Page

    We seem to have a problem with squid or dansguardian whereby if it cannot connect to a page it automatically redirects them to Microsoft office download page - which is rather annoying. At first I thought it was IE doing the redirect but it happens in firefox aswell!!

    anybody got any ideas why this is happening?

  2. #2
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,466
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    51
    hi

    I am guessing here but have a look on the dansguardian.conf and squid.conf see if you can find the the address of the page they get redirected to. The one here get redirected in squid to an error page on the dansguardian box.

    Richard

  3. #3

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Nope tried that already - its not mentioned in any of the conf files - the only way to resolve is to restart squid and dansguardian

  4. #4
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,466
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    51
    Hi

    I think mine get redirected to /usr/share/squid/errors/English/

    Richard

  5. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,466
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    51
    Hi

    Have a look in the error pages as well it could have a bit of htlm in to forward it on.

    Richard

  6. #6
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    731
    Thank Post
    74
    Thanked 113 Times in 99 Posts
    Blog Entries
    8
    Rep Power
    27
    I'm having the exact same issue here. I setup Squid with Dan's Guardian on Ubuntu 9.04 running in a VM on ESXi so we could log student traffic. Both Dan's Guardian and Squid were installed through apt-get and not compiled from source. For the most part it works beautifully, and I have SARG setup to parse the Squid logs to make it easy for principals to check where there students have been going.

    It's just that every once and a while, when going through this proxy, you'll get bounced to office.microsoft.com. It doesn't matter what site you're pulling up either, but it ALWAYS redirects to the MS Office site. It seems to be very sporadic.

    Squid is setup to authenticate to the AD, and log traffic using the student's AD account name. The cache_dir in the squid.conf is pointing to /dev/null, effectively disabling the caching function of Squid. Now I do have a cache_peer setup in the squid.conf, since we get filtering through our ISP.

    I've isolated where the redirect actually takes place in the access.log file, here it is...

    1286815796.809 52 10.6.17.15 TCP_MISS/301 838 GET Breaking News, Weather, Business, Health, Entertainment, Sports, Politics, Travel, Science, Technology, Local, US & World News- msnbc.com tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere -
    1286815796.943 133 10.6.17.15 TCP_MISS/200 35919 GET Office - Microsoft Office tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere text/html
    The initial request shows up with a TCP_MISS, which is to be expected since caching has been disabled, but a 301 code is tossed, signaling a permanent move. The very next log entry for any user after this code is always office.microsoft.com. This is driving me nuts. Did you have any luck figuring this out?

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    Are you both using the same DNS servers perhaps? Could be something in there maybes?

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Nope I am still investigating now - Duke5a I have sent you a pm asking a few details about LA etc

    I have spent ages trying to find this out and cannot work out why it is happening!

  9. #9


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?

  10. #10

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,714
    Thank Post
    269
    Thanked 1,116 Times in 1,012 Posts
    Rep Power
    345
    Quote Originally Posted by tom_newton View Post
    Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?
    What sort of issue? is it a known issue?

    We have 2 squid proxy's there never was an issue with the second one until we setup authentication on it - possibly its because the upstream does not require authentication?

  11. #11
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    731
    Thank Post
    74
    Thanked 113 Times in 99 Posts
    Blog Entries
    8
    Rep Power
    27
    Quote Originally Posted by glennda View Post
    What sort of issue? is it a known issue?

    We have 2 squid proxy's there never was an issue with the second one until we setup authentication on it - possibly its because the upstream does not require authentication?
    That is interesting... When I setup Squid here I did everything all at once, so I couldn't say if it was authentication, the upstream proxy, or a combination of the two. I'll try creating an ACL in Squid to let office.microsoft.com requests bypass proxy authentication.

  12. #12
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    731
    Thank Post
    74
    Thanked 113 Times in 99 Posts
    Blog Entries
    8
    Rep Power
    27
    Quote Originally Posted by tom_newton View Post
    Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?
    Tom, if you're referring to "cache_peer-proxygoeshere," then this isn't a problem. I removed the actual cache_peer address in the log intentionally.

    I just finished making some quick edits to the squid.conf. This is basically how it looks...

    acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
    acl NTLMUsers proxy_auth REQUIRED

    http_access allow all bypassNTLM
    http_access all all NTLMUsers
    The bypassauth-sites.squid text file contains .microsoft and .msecnd.net. I then logged on locally to a domain computer and tried to browse the net through the proxy. I got hit up for credentials on every site I tried to visit save for the exceptions I defined in that ACL. So it's working as intended. Now I'll let users have at it for the next couple of days and see if the problem persists.

  13. #13


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    Ah, duke, yes, that looked to me like you'd perhaps not filled in a placeholder value! Thanks for clearing that up.
    I've been asking around our DG & squid folks but no joy as yet - this is not something we have seen before it seems.

  14. #14
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    731
    Thank Post
    74
    Thanked 113 Times in 99 Posts
    Blog Entries
    8
    Rep Power
    27
    I'm pretty sure my ACL to allow office.microsoft.com to bypass AD authorization fix worked. After a full day of the redirect problem not showing up, I changed the proxy GPO and funneled the rest of the student body through the Squid box for today, and still no issues even with a two-fold increase in web traffic through Squid. This is just a band-aid though, there is still an underlying problem. Glennda, if you decide to go ahead and give it a try, let me know what the outcome is. Thanks everyone.

  15. #15


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,448
    Thank Post
    865
    Thanked 839 Times in 662 Posts
    Rep Power
    194
    Interesting. I'm glad you've found a fix (believe me, there's a LONG list of sites to put in "do not auth for" - so much s/w hates NTLM!).

    Glennda: guardian/auth/settings - the do-not-auth-for box is where it's at.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Project Page and Download Here
    By bizzel in forum EduGeek AUP Informant
    Replies: 12
    Last Post: 19th March 2013, 04:49 PM
  2. Need a Dansguardian / Squid configuration expert
    By Number6 in forum Internet Related/Filtering/Firewall
    Replies: 70
    Last Post: 10th August 2010, 12:31 PM
  3. Replies: 10
    Last Post: 11th May 2010, 10:13 AM
  4. ntlm_auth | Dansguardian | Squid
    By ahuxham in forum *nix
    Replies: 11
    Last Post: 24th July 2008, 07:24 PM
  5. DansGuardian without local Squid
    By NetworkGeezer in forum *nix
    Replies: 2
    Last Post: 13th February 2007, 02:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •