+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 25
Internet Related/Filtering/Firewall Thread, Squid/dansguardian Redirecting to Office Download Page in Technical; We seem to have a problem with squid or dansguardian whereby if it cannot connect to a page it automatically ...
  1. #1

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350

    Squid/dansguardian Redirecting to Office Download Page

    We seem to have a problem with squid or dansguardian whereby if it cannot connect to a page it automatically redirects them to Microsoft office download page - which is rather annoying. At first I thought it was IE doing the redirect but it happens in firefox aswell!!

    anybody got any ideas why this is happening?

  2. #2
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    hi

    I am guessing here but have a look on the dansguardian.conf and squid.conf see if you can find the the address of the page they get redirected to. The one here get redirected in squid to an error page on the dansguardian box.

    Richard

  3. #3

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Nope tried that already - its not mentioned in any of the conf files - the only way to resolve is to restart squid and dansguardian

  4. #4
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    I think mine get redirected to /usr/share/squid/errors/English/

    Richard

  5. #5
    ricki's Avatar
    Join Date
    Jul 2005
    Location
    uk
    Posts
    1,475
    Thank Post
    20
    Thanked 164 Times in 157 Posts
    Rep Power
    52
    Hi

    Have a look in the error pages as well it could have a bit of htlm in to forward it on.

    Richard

  6. #6
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    818
    Thank Post
    84
    Thanked 136 Times in 116 Posts
    Blog Entries
    8
    Rep Power
    32
    I'm having the exact same issue here. I setup Squid with Dan's Guardian on Ubuntu 9.04 running in a VM on ESXi so we could log student traffic. Both Dan's Guardian and Squid were installed through apt-get and not compiled from source. For the most part it works beautifully, and I have SARG setup to parse the Squid logs to make it easy for principals to check where there students have been going.

    It's just that every once and a while, when going through this proxy, you'll get bounced to office.microsoft.com. It doesn't matter what site you're pulling up either, but it ALWAYS redirects to the MS Office site. It seems to be very sporadic.

    Squid is setup to authenticate to the AD, and log traffic using the student's AD account name. The cache_dir in the squid.conf is pointing to /dev/null, effectively disabling the caching function of Squid. Now I do have a cache_peer setup in the squid.conf, since we get filtering through our ISP.

    I've isolated where the redirect actually takes place in the access.log file, here it is...

    1286815796.809 52 10.6.17.15 TCP_MISS/301 838 GET Breaking News, Weather, Business, Health, Entertainment, Sports, Politics, Travel, Science, Technology, Local, US & World News- msnbc.com tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere -
    1286815796.943 133 10.6.17.15 TCP_MISS/200 35919 GET Office - Microsoft Office tteacher02 DEFAULT_PARENT/cache_peer-proxygoeshere text/html
    The initial request shows up with a TCP_MISS, which is to be expected since caching has been disabled, but a 301 code is tossed, signaling a permanent move. The very next log entry for any user after this code is always office.microsoft.com. This is driving me nuts. Did you have any luck figuring this out?

  7. #7


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 854 Times in 675 Posts
    Rep Power
    197
    Are you both using the same DNS servers perhaps? Could be something in there maybes?

  8. #8

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Nope I am still investigating now - Duke5a I have sent you a pm asking a few details about LA etc

    I have spent ages trying to find this out and cannot work out why it is happening!

  9. #9


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 854 Times in 675 Posts
    Rep Power
    197
    Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?

  10. #10

    glennda's Avatar
    Join Date
    Jun 2009
    Location
    Sussex
    Posts
    7,821
    Thank Post
    272
    Thanked 1,140 Times in 1,036 Posts
    Rep Power
    350
    Quote Originally Posted by tom_newton View Post
    Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?
    What sort of issue? is it a known issue?

    We have 2 squid proxy's there never was an issue with the second one until we setup authentication on it - possibly its because the upstream does not require authentication?

  11. #11
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    818
    Thank Post
    84
    Thanked 136 Times in 116 Posts
    Blog Entries
    8
    Rep Power
    32
    Quote Originally Posted by glennda View Post
    What sort of issue? is it a known issue?

    We have 2 squid proxy's there never was an issue with the second one until we setup authentication on it - possibly its because the upstream does not require authentication?
    That is interesting... When I setup Squid here I did everything all at once, so I couldn't say if it was authentication, the upstream proxy, or a combination of the two. I'll try creating an ACL in Squid to let office.microsoft.com requests bypass proxy authentication.

  12. #12
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    818
    Thank Post
    84
    Thanked 136 Times in 116 Posts
    Blog Entries
    8
    Rep Power
    32
    Quote Originally Posted by tom_newton View Post
    Hm. Duke5a's logs look like there *might* be an issue with upstream proxy?
    Tom, if you're referring to "cache_peer-proxygoeshere," then this isn't a problem. I removed the actual cache_peer address in the log intentionally.

    I just finished making some quick edits to the squid.conf. This is basically how it looks...

    acl bypassNTLM dstdomain "/etc/squid/bypassauth-sites.squid"
    acl NTLMUsers proxy_auth REQUIRED

    http_access allow all bypassNTLM
    http_access all all NTLMUsers
    The bypassauth-sites.squid text file contains .microsoft and .msecnd.net. I then logged on locally to a domain computer and tried to browse the net through the proxy. I got hit up for credentials on every site I tried to visit save for the exceptions I defined in that ACL. So it's working as intended. Now I'll let users have at it for the next couple of days and see if the problem persists.

  13. #13


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 854 Times in 675 Posts
    Rep Power
    197
    Ah, duke, yes, that looked to me like you'd perhaps not filled in a placeholder value! Thanks for clearing that up.
    I've been asking around our DG & squid folks but no joy as yet - this is not something we have seen before it seems.

  14. #14
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    818
    Thank Post
    84
    Thanked 136 Times in 116 Posts
    Blog Entries
    8
    Rep Power
    32
    I'm pretty sure my ACL to allow office.microsoft.com to bypass AD authorization fix worked. After a full day of the redirect problem not showing up, I changed the proxy GPO and funneled the rest of the student body through the Squid box for today, and still no issues even with a two-fold increase in web traffic through Squid. This is just a band-aid though, there is still an underlying problem. Glennda, if you decide to go ahead and give it a try, let me know what the outcome is. Thanks everyone.

  15. #15


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,485
    Thank Post
    867
    Thanked 854 Times in 675 Posts
    Rep Power
    197
    Interesting. I'm glad you've found a fix (believe me, there's a LONG list of sites to put in "do not auth for" - so much s/w hates NTLM!).

    Glennda: guardian/auth/settings - the do-not-auth-for box is where it's at.

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 11
    Last Post: 12th September 2014, 06:02 PM
  2. Project Page and Download Here
    By bizzel in forum EduGeek AUP Informant
    Replies: 12
    Last Post: 19th March 2013, 04:49 PM
  3. Need a Dansguardian / Squid configuration expert
    By Number6 in forum Internet Related/Filtering/Firewall
    Replies: 70
    Last Post: 10th August 2010, 12:31 PM
  4. ntlm_auth | Dansguardian | Squid
    By ahuxham in forum *nix
    Replies: 11
    Last Post: 24th July 2008, 07:24 PM
  5. DansGuardian without local Squid
    By NetworkGeezer in forum *nix
    Replies: 2
    Last Post: 13th February 2007, 02:07 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •