We seem to have a problem with squid or dansguardian whereby if it cannot connect to a page it automatically redirects them to Microsoft office download page - which is rather annoying. At first I thought it was IE doing the redirect but it happens in firefox aswell!!
anybody got any ideas why this is happening?
hi
I am guessing here but have a look on the dansguardian.conf and squid.conf see if you can find the the address of the page they get redirected to. The one here get redirected in squid to an error page on the dansguardian box.
Richard
Nope tried that already - its not mentioned in any of the conf files - the only way to resolve is to restart squid and dansguardian
Hi
I think mine get redirected to /usr/share/squid/errors/English/
Richard
Hi
Have a look in the error pages as well it could have a bit of htlm in to forward it on.
Richard
I'm having the exact same issue here. I setup Squid with Dan's Guardian on Ubuntu 9.04 running in a VM on ESXi so we could log student traffic. Both Dan's Guardian and Squid were installed through apt-get and not compiled from source. For the most part it works beautifully, and I have SARG setup to parse the Squid logs to make it easy for principals to check where there students have been going.
It's just that every once and a while, when going through this proxy, you'll get bounced to office.microsoft.com. It doesn't matter what site you're pulling up either, but it ALWAYS redirects to the MS Office site. It seems to be very sporadic.
Squid is setup to authenticate to the AD, and log traffic using the student's AD account name. The cache_dir in the squid.conf is pointing to /dev/null, effectively disabling the caching function of Squid. Now I do have a cache_peer setup in the squid.conf, since we get filtering through our ISP.
I've isolated where the redirect actually takes place in the access.log file, here it is...
The initial request shows up with a TCP_MISS, which is to be expected since caching has been disabled, but a 301 code is tossed, signaling a permanent move. The very next log entry for any user after this code is always office.microsoft.com. This is driving me nuts. Did you have any luck figuring this out?1286815796.809 52 10.6.17.15 TCP_MISS/301 838 GET Breaking News, Weather, Business, Health, Entertainment, Sports, Politics, Travel, Science, Technology, Local, US & World News- msnbc.com tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere -
1286815796.943 133 10.6.17.15 TCP_MISS/200 35919 GET Office - Microsoft Office tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere text/html
Are you both using the same DNS servers perhaps? Could be something in there maybes?
Nope I am still investigating now - Duke5a I have sent you a pm asking a few details about LA etc
I have spent ages trying to find this out and cannot work out why it is happening!
Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?
What sort of issue? is it a known issue?Originally Posted by tom_newton
We have 2 squid proxy's there never was an issue with the second one until we setup authentication on it - possibly its because the upstream does not require authentication?
That is interesting... When I setup Squid here I did everything all at once, so I couldn't say if it was authentication, the upstream proxy, or a combination of the two. I'll try creating an ACL in Squid to let office.microsoft.com requests bypass proxy authentication.
Tom, if you're referring to "cache_peer-proxygoeshere," then this isn't a problem. I removed the actual cache_peer address in the log intentionally.
I just finished making some quick edits to the squid.conf. This is basically how it looks...
The bypassauth-sites.squid text file contains .microsoft and .msecnd.net. I then logged on locally to a domain computer and tried to browse the net through the proxy. I got hit up for credentials on every site I tried to visit save for the exceptions I defined in that ACL. So it's working as intended. Now I'll let users have at it for the next couple of days and see if the problem persists.acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
acl NTLMUsers proxy_auth REQUIRED
http_access allow all bypassNTLM
http_access all all NTLMUsers
Ah, duke, yes, that looked to me like you'd perhaps not filled in a placeholder value! Thanks for clearing that up.
I've been asking around our DG & squid folks but no joy as yet - this is not something we have seen before it seems.
I'm pretty sure my ACL to allow office.microsoft.com to bypass AD authorization fix worked. After a full day of the redirect problem not showing up, I changed the proxy GPO and funneled the rest of the student body through the Squid box for today, and still no issues even with a two-fold increase in web traffic through Squid. This is just a band-aid though, there is still an underlying problem. Glennda, if you decide to go ahead and give it a try, let me know what the outcome is. Thanks everyone.
Interesting. I'm glad you've found a fix (believe me, there's a LONG list of sites to put in "do not auth for" - so much s/w hates NTLM!).
Glennda: guardian/auth/settings - the do-not-auth-for box is where it's at.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
