20th September 2010, 12:12 PM #1
Squid/dansguardian Redirecting to Office Download Page
We seem to have a problem with squid or dansguardian whereby if it cannot connect to a page it automatically redirects them to Microsoft office download page - which is rather annoying. At first I thought it was IE doing the redirect but it happens in Firefox as well!!
Anybody got any ideas why this is happening?
20th September 2010, 12:23 PM #2
I am guessing here but have a look on the dansguardian.conf and squid.conf see if you can find the address of the page they get redirected to. The one here get redirected in squid to an error page on the dansguardian box.
20th September 2010, 12:28 PM #3
Nope tried that already - it's not mentioned in any of the conf files - the only way to resolve is to restart squid and dansguardian
20th September 2010, 12:30 PM #4
I think mine get redirected to /usr/share/squid/errors/English/
20th September 2010, 12:34 PM #5
Have a look in the error pages as well, it could have a bit of HTML in to forward it on.
11th October 2010, 07:54 PM #6
I'm having the exact same issue here. I set up Squid with Dan's Guardian on Ubuntu 9.04 running in a VM on ESXi so we could log student traffic. Both Dan's Guardian and Squid were installed through apt-get and not compiled from source. For the most part it works beautifully, and I have SARG set up to parse the Squid logs to make it easy for principals to check where their students have been going.
It's just that every once in a while, when going through this proxy, you'll get bounced to office.microsoft.com. It doesn't matter what site you're pulling up either, but it ALWAYS redirects to the MS Office site. It seems to be very sporadic.
Squid is set up to authenticate to the AD, and log traffic using the student's AD account name. The cache_dir in the squid.conf is pointing to /dev/null, effectively disabling the caching function of Squid. Now I do have a cache_peer set up in the squid.conf, since we get filtering through our ISP.
I've isolated where the redirect actually takes place in the access.log file, here it is...
The initial request shows up with a TCP_MISS, which is to be expected since caching has been disabled, but a 301 code is tossed, signaling a permanent move. The very next log entry for any user after this code is always office.microsoft.com. This is driving me nuts. Did you have any luck figuring this out?
1286815796.809 52 10.6.17.15 TCP_MISS/301 838 GET Breaking News, Weather, Business, Health, Entertainment, Sports, Politics, Travel, Science, Technology, Local, US & World News- msnbc.com tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere -
1286815796.943 133 10.6.17.15 TCP_MISS/200 35919 GET Office - Microsoft Office tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere text/html
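Added example, not part of any poster's message: a small Python scan of a Squid native-format access.log for the pattern described in post #6, a 301 whose very next entry from the same client is office.microsoft.com. The sample lines are constructed, and the host names, the `find_bounces` name and the 2-second window are assumptions.

```python
from collections import namedtuple
from urllib.parse import urlsplit

Entry = namedtuple("Entry", "ts client status url user peer")

# Constructed sample in Squid's native access.log layout; hosts are placeholders.
SAMPLE_LOG = """\
1286815796.809 52 10.6.17.15 TCP_MISS/301 838 GET http://news.example.test/ tteacher02 DEFAULT_PARENT/upstream.example.test -
1286815796.943 133 10.6.17.15 TCP_MISS/200 35919 GET http://office.microsoft.com/ tteacher02 DEFAULT_PARENT/upstream.example.test text/html
1286815801.100 40 10.6.17.22 TCP_MISS/301 512 GET http://example.test/old tstudent07 DEFAULT_PARENT/upstream.example.test -
1286815801.300 61 10.6.17.22 TCP_MISS/200 9000 GET http://example.test/new tstudent07 DEFAULT_PARENT/upstream.example.test text/html
"""

def parse_line(line):
    """Parse one native-format line; return None if it does not fit."""
    f = line.split()
    if len(f) < 10:
        return None
    try:
        status = int(f[3].rpartition("/")[2])   # "TCP_MISS/301" -> 301
        return Entry(float(f[0]), f[2], status, f[6], f[7], f[8])
    except ValueError:
        return None

def host_of(url):
    """Host for http:// URLs and for CONNECT-style host:port targets."""
    if "://" in url:
        return (urlsplit(url).hostname or "").lower()
    return url.rsplit(":", 1)[0].lower()

def find_bounces(lines, target="office.microsoft.com", window=2.0):
    """Return (redirect, follow_up) pairs: a 301 for some other host whose
    next entry from the same client, within `window` seconds, is `target`."""
    pending, hits = {}, []
    for e in filter(None, map(parse_line, lines)):
        host = host_of(e.url)
        on_target = host == target or host.endswith("." + target)
        prev = pending.pop(e.client, None)      # only the very next entry counts
        if prev and on_target and e.ts - prev.ts <= window:
            hits.append((prev, e))
        if e.status == 301 and not on_target:
            pending[e.client] = e
    return hits

if __name__ == "__main__":
    for redirect, follow in find_bounces(SAMPLE_LOG.splitlines()):
        print(f"{follow.user}@{follow.client}: {redirect.url} -> {follow.url} "
              f"via {redirect.peer}")
```

Grouping the hits by user, client address and upstream peer shows whether the bounces cluster on authenticated sessions or on one parent proxy.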
11th October 2010, 10:02 PM #7
Are you both using the same DNS servers perhaps? Could be something in there maybes?
11th October 2010, 10:52 PM #8
Nope I am still investigating now - Duke5a I have sent you a pm asking a few details about LA etc
I have spent ages trying to find this out and cannot work out why it is happening!
12th October 2010, 08:19 AM #9
Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?
12th October 2010, 09:34 AM #10
What sort of issue? Is it a known issue?
Originally Posted by tom_newton
We have 2 squid proxies; there never was an issue with the second one until we set up authentication on it - possibly it's because the upstream does not require authentication?
12th October 2010, 02:05 PM #11
That is interesting... When I set up Squid here I did everything all at once, so I couldn't say if it was authentication, the upstream proxy, or a combination of the two. I'll try creating an ACL in Squid to let office.microsoft.com requests bypass proxy authentication.
Originally Posted by glennda
12th October 2010, 11:34 PM #12
Tom, if you're referring to "cache_peer-proxygoeshere," then this isn't a problem. I removed the actual cache_peer address in the log intentionally.
Originally Posted by tom_newton
I just finished making some quick edits to the squid.conf. This is basically how it looks...
The bypassauth-sites.squid text file contains .microsoft and .msecnd.net. I then logged on locally to a domain computer and tried to browse the net through the proxy. I got hit up for credentials on every site I tried to visit save for the exceptions I defined in that ACL. So it's working as intended. Now I'll let users have at it for the next couple of days and see if the problem persists.
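# Destination domains that may skip proxy authentication (one per line in the file)
acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
# Matches any request that carries valid proxy credentials
acl NTLMUsers proxy_auth REQUIRED
# Order matters: the bypass rule must come before the rule that requires authentication
http_access allow all bypassNTLM
http_access allow all NTLMUsers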
13th October 2010, 07:59 AM #13
Ah, duke, yes, that looked to me like you'd perhaps not filled in a placeholder value! Thanks for clearing that up.
I've been asking around our DG & squid folks but no joy as yet - this is not something we have seen before it seems.
14th October 2010, 04:22 PM #14
I'm pretty sure my ACL to allow office.microsoft.com to bypass AD authorization fix worked. After a full day of the redirect problem not showing up, I changed the proxy GPO and funneled the rest of the student body through the Squid box for today, and still no issues even with a two-fold increase in web traffic through Squid. This is just a band-aid though, there is still an underlying problem. Glennda, if you decide to go ahead and give it a try, let me know what the outcome is. Thanks everyone.
14th October 2010, 05:46 PM #15
Interesting. I'm glad you've found a fix (believe me, there's a LONG list of sites to put in "do not auth for" - so much s/w hates NTLM!).
Glennda: guardian/auth/settings - the do-not-auth-for box is where it's at.