<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>We are using SQUID 2.7 STABLE8 on a Windows 2008 box, it is working except when a user tries to access Microsoft Lync 2013 they get a password prompt.<div><br></div><div>I've searched the web and spent countless hours on this with no luck, anyone able to shed some light?</div><div><br></div><div>When i start my Microsoft Lync 2013 client, on access.log I see the following hit when the proxy dialog box shows up within the Lync application.</div><div><br></div><div><b>1412717278.341 516 172.16.12.110 TCP_MISS/200 11695 CONNECT login.microsoftonline.com:443 - DIRECT/65.52.244.66 -</b></div><div><br></div><div>Here is my squid.conf file:</div><div><br>I've tried to add all of the published URLs and IPs that Microsoft lists for Office 365 and related products, but I still have no luck.. anyone able to assist?</div><div><br></div><div><div><br></div><div># Port on which Squid will lisen on</div><div>http_port 8080</div><div><br></div><div># Authentication</div><div>auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe --helper-protocol=squid-2.5-ntlmssp</div><div>auth_param ntlm children 5</div><div>auth_param ntlm keep_alive on</div><div>auth_param basic program c:/squid/libexec/mswin_ntlm_auth.exe --helper-protocol=squid-2.5-basic</div><div>auth_param basic children 5</div><div>auth_param basic realm Proxy Server</div><div>auth_param basic credentialsttl 2 hours</div><div>auth_param basic casesensitive off</div><div>authenticate_cache_garbage_interval 10 seconds</div><div><br></div><div># Squid Defaults</div><div>acl all src all</div><div>acl manager proto cache_object</div><div>acl localhost src 127.0.0.1</div><div><br></div><div># Class C Internal Subnet - Defaults</div><div>acl localnet src 10.0.0.0/8</div><div>acl localnet src 172.16.0.0/12</div><div>acl localnet src 192.168.0.0/16</div><div><br></div><div># ACLs</div><div># for destination machine</div><div>acl lan_dst dst 172.16.0.0/16</div><div># for source machine</div><div>acl lan_src src 172.16.0.0/16</div><div># for destination domain</div><div>acl lan_domain dstdomain .contoso.com</div><div><br></div><div># SSL Ports</div><div>acl SSL_ports port 443 8180 8443 563 1494 2598 8531</div><div><br></div><div># Standard Ports</div><div>acl Safe_ports port 80<span class="Apple-tab-span" style="white-space:pre"> </span># http</div><div>acl Safe_ports port 81 <span class="Apple-tab-span" style="white-space:pre"> </span># http for Pacific Brokerage</div><div>acl Safe_ports port 21<span class="Apple-tab-span" style="white-space:pre"> </span># ftp</div><div>acl Safe_ports port 443 563<span class="Apple-tab-span" style="white-space:pre"> </span># http</div><div>acl Safe_ports port 70<span class="Apple-tab-span" style="white-space:pre"> </span># gopher</div><div>acl Safe_ports port 210<span class="Apple-tab-span" style="white-space:pre"> </span># wais</div><div>acl Safe_ports port 280<span class="Apple-tab-span" style="white-space:pre"> </span># http-mgmt</div><div>acl Safe_ports port 488<span class="Apple-tab-span" style="white-space:pre"> </span># gss-http</div><div>acl Safe_ports port 591<span class="Apple-tab-span" style="white-space:pre"> </span># filemaker</div><div>acl Safe_ports port 777<span class="Apple-tab-span" style="white-space:pre"> </span># multiling http</div><div>acl Safe_ports port 8080 8081 8082 8088 8180</div><div>acl Safe_ports port 3128 <span class="Apple-tab-span" style="white-space:pre"> </span># Squid http server</div><div>acl Safe_ports port 1494 2598 <span class="Apple-tab-span" style="white-space:pre"> </span># ICA - Citrix</div><div>acl Safe_ports port 7000 8000 <span class="Apple-tab-span" style="white-space:pre"> </span># Oracle</div><div>acl Safe_ports port 9000 <span class="Apple-tab-span" style="white-space:pre"> </span># Oracle</div><div>acl Safe_ports port 8530<span class="Apple-tab-span" style="white-space:pre"> </span># WSUS</div><div>acl Safe_ports port 55905<span class="Apple-tab-span" style="white-space:pre"> </span># WSUS</div><div>acl Safe_ports port 1025-65535<span class="Apple-tab-span" style="white-space:pre"> </span># unregistered ports</div><div><br></div><div>external_acl_type AD_group %LOGIN c:/squid/libexec/mswin_check_ad_group.exe -G</div><div>acl AuthorizedUsers proxy_auth REQUIRED</div><div><br></div><div># ACL - Microsoft</div><div>acl msdomains dstdomain .windowsupdate.com </div><div>acl msdomains dstdomain .microsoft.com</div><div>acl msdomains dstdomain .windows.com</div><div>acl msdomains dstdomain .live.com</div><div>acl msdomains dstdomain .msecnd.net</div><div>acl msdomains dstdomain .microsoftonline.com</div><div>acl msdomains dstdomain .office365.com</div><div>acl msdomains dstdomain .lync.com</div><div>acl msdomains dstdomain .office.com</div><div>acl msdomains dstdomain .onmicrosoft.com</div><div>acl msdomains dstdomain .microsoftonline-p.com</div><div>acl msdomains dstdomain .microsoftonline-p.net</div><div>acl msdomains dstdomain .microsoftonlineimages.com</div><div>acl msdomains dstdomain .microsoftonlinesupport.net</div><div>acl msdomains dstdomain .msocdn.com</div><div>acl msdomains dstdomain .msn.com</div><div>acl msdomains dstdomain .msn.co.jp</div><div>acl msdomains dstdomain .msn.co.uk</div><div>acl msdomains dstdomain .office.net</div><div>acl msdomains dstdomain .aadrm.com</div><div>acl msdomains dstdomain .cloudapp.net</div><div>acl msdomains dstdomain .windowsazure.com</div><div>acl msdomains dstdomain .phonefactor.net</div><div>acl msdomains dstdomain .symcb.com</div><div><br></div><div># ACL - SSL Providers</div><div>acl registars dstdomain .verisign.com</div><div>acl registars dstdomain .godaddy.com</div><div><br></div><div># LYNC</div><div>acl lync2013 dst 65.54.54.128/25</div><div>acl lync2013 dst 65.55.121.128/27</div><div>acl lync2013 dst 65.55.127.0/24</div><div>acl lync2013 dst 111.221.17.128/27</div><div>acl lync2013 dst 111.221.22.64/26</div><div>acl lync2013 dst 111.221.76.96/27</div><div>acl lync2013 dst 111.221.76.128/25</div><div>acl lync2013 dst 111.221.77.0/26</div><div>acl lync2013 dst 134.170.0.0/25</div><div>acl lync2013 dst 157.55.40.128/25</div><div>acl lync2013 dst 157.55.46.0/27</div><div>acl lync2013 dst 157.55.46.64/26</div><div>acl lync2013 dst 157.55.104.96/27</div><div>acl lync2013 dst 157.55.229.128/27</div><div>acl lync2013 dst 157.55.232.128/26</div><div>acl lync2013 dst 157.55.238.0/25</div><div>acl lync2013 dst 207.46.5.0/24</div><div>acl lync2013 dst 207.46.7.128/27</div><div>acl lync2013 dst 207.46.57.0/25</div><div><br></div><div># OFFICE 365 PORTAL AND IDENTITY</div><div>acl 365portal dst 23.96.208.238</div><div>acl 365portal dst 23.97.64.252</div><div>acl 365portal dst 23.97.68.113</div><div>acl 365portal dst 23.97.70.147</div><div>acl 365portal dst 23.97.72.158</div><div>acl 365portal dst 23.97.72.161</div><div>acl 365portal dst 23.97.72.165</div><div>acl 365portal dst 23.97.98.128</div><div>acl 365portal dst 23.97.99.4</div><div>acl 365portal dst 23.97.99.164</div><div>acl 365portal dst 23.97.100.76</div><div>acl 365portal dst 23.97.100.92</div><div>acl 365portal dst 23.97.100.105</div><div>acl 365portal dst 23.97.100.152</div><div>acl 365portal dst 23.97.102.90</div><div>acl 365portal dst 23.97.148.36</div><div>acl 365portal dst 23.97.148.228</div><div>acl 365portal dst 23.98.66.168</div><div>acl 365portal dst 23.98.69.116</div><div>acl 365portal dst 23.98.70.90</div><div>acl 365portal dst 23.99.129.26</div><div>acl 365portal dst 23.99.129.173</div><div>acl 365portal dst 23.99.194.77</div><div>acl 365portal dst 23.99.196.232</div><div>acl 365portal dst 23.99.226.167</div><div>acl 365portal dst 23.99.227.124</div><div>acl 365portal dst 23.102.64.16</div><div>acl 365portal dst 23.102.64.255</div><div>acl 365portal dst 23.102.65.171</div><div>acl 365portal dst 23.102.65.203</div><div>acl 365portal dst 23.102.65.221</div><div>acl 365portal dst 65.52.64.61</div><div>acl 365portal dst 65.52.64.230</div><div>acl 365portal dst 65.52.136.224</div><div>acl 365portal dst 65.52.144.125</div><div>acl 365portal dst 65.52.148.27</div><div>acl 365portal dst 65.52.184.75</div><div>acl 365portal dst 65.52.196.64</div><div>acl 365portal dst 65.52.228.75</div><div>acl 365portal dst 65.52.228.100</div><div>acl 365portal dst 65.52.236.160</div><div>acl 365portal dst 65.52.244.66</div><div>acl 365portal dst 65.54.54.32/27</div><div>acl 365portal dst 65.54.55.201</div><div>acl 365portal dst 65.54.74.0/23</div><div>acl 365portal dst 65.54.80.0/20</div><div>acl 365portal dst 65.54.165.0/25</div><div>acl 365portal dst 65.55.86.0/23</div><div>acl 365portal dst 65.55.233.0/27</div><div>acl 365portal dst 65.55.239.168</div><div>acl 365portal dst 70.37.56.152</div><div>acl 365portal dst 70.37.97.234</div><div>acl 365portal dst 70.37.128.0/23</div><div>acl 365portal dst 70.37.142.0/23</div><div>acl 365portal dst 70.37.150.128/25</div><div>acl 365portal dst 70.37.159.0/24</div><div>acl 365portal dst 70.37.160.72</div><div>acl 365portal dst 70.37.160.202</div><div>acl 365portal dst 94.245.68.0/22</div><div>acl 365portal dst 94.245.82.0/23</div><div>acl 365portal dst 94.245.84.0/24</div><div>acl 365portal dst 94.245.86.0/24</div><div>acl 365portal dst 94.245.88.223</div><div>acl 365portal dst 94.245.88.194</div><div>acl 365portal dst 94.245.117.53</div><div>acl 365portal dst 94.245.108.85</div><div>acl 365portal dst 111.221.16.0/21</div><div>acl 365portal dst 111.221.24.0/21</div><div>acl 365portal dst 111.221.70.0/25</div><div>acl 365portal dst 111.221.71.0/25</div><div>acl 365portal dst 111.221.111.196</div><div>acl 365portal dst 111.221.127.112/28</div><div>acl 365portal dst 132.245.0.0/16</div><div>acl 365portal dst 134.170.0.0/16</div><div>acl 365portal dst 137.135.47.6</div><div>acl 365portal dst 137.135.47.4</div><div>acl 365portal dst 137.135.47.28</div><div>acl 365portal dst 137.116.32.43</div><div>acl 365portal dst 137.116.32.61</div><div>acl 365portal dst 137.116.48.66</div><div>acl 365portal dst 137.116.48.69</div><div>acl 365portal dst 137.116.64.162</div><div>acl 365portal dst 137.116.129.62/32</div><div>acl 365portal dst 137.117.99.175</div><div>acl 365portal dst 137.117.103.21</div><div>acl 365portal dst 137.135.41.12/32</div><div>acl 365portal dst 137.135.42.195/32</div><div>acl 365portal dst 137.135.43.100/32</div><div>acl 365portal dst 137.135.44.5/32</div><div>acl 365portal dst 137.135.44.73/32</div><div>acl 365portal dst 137.135.48.128/32</div><div>acl 365portal dst 138.91.17.43</div><div>acl 365portal dst 138.91.17.108</div><div>acl 365portal dst 138.91.18.52</div><div>acl 365portal dst 138.91.2.208</div><div>acl 365portal dst 138.91.2.210</div><div>acl 365portal dst 138.91.2.212</div><div>acl 365portal dst 157.55.45.128/25</div><div>acl 365portal dst 157.55.59.128/25</div><div>acl 365portal dst 157.55.80.175</div><div>acl 365portal dst 157.55.80.182</div><div>acl 365portal dst 157.55.84.13/32</div><div>acl 365portal dst 157.55.84.19/32</div><div>acl 365portal dst 157.55.84.80/32</div><div>acl 365portal dst 157.55.84.237/32</div><div>acl 365portal dst 157.55.130.0/25</div><div>acl 365portal dst 157.55.145.0/25</div><div>acl 365portal dst 157.55.155.0/25</div><div>acl 365portal dst 157.55.168.18</div><div>acl 365portal dst 157.55.176.63</div><div>acl 365portal dst 157.55.185.100</div><div>acl 365portal dst 157.55.194.46</div><div>acl 365portal dst 157.55.208.198</div><div>acl 365portal dst 157.55.227.192/26</div><div>acl 365portal dst 157.55.252.101</div><div>acl 365portal dst 157.56.0.0/16</div><div>acl 365portal dst 168.61.33.178/32</div><div>acl 365portal dst 168.61.35.252/32</div><div>acl 365portal dst 168.61.36.121</div><div>acl 365portal dst 168.61.37.63/32</div><div>acl 365portal dst 168.61.38.105</div><div>acl 365portal dst 168.61.39.14/32</div><div>acl 365portal dst 168.61.82.81/32</div><div>acl 365portal dst 168.61.83.48/32</div><div>acl 365portal dst 168.61.85.180/32</div><div>acl 365portal dst 168.61.85.193/32</div><div>acl 365portal dst 168.61.144.76</div><div>acl 365portal dst 168.61.208.197</div><div>acl 365portal dst 168.62.4.28</div><div>acl 365portal dst 168.62.11.24</div><div>acl 365portal dst 168.62.11.117</div><div>acl 365portal dst 168.62.16.112</div><div>acl 365portal dst 168.62.16.140</div><div>acl 365portal dst 168.62.16.149</div><div>acl 365portal dst 168.62.24.104</div><div>acl 365portal dst 168.62.24.114</div><div>acl 365portal dst 168.62.24.150</div><div>acl 365portal dst 168.62.41.25</div><div>acl 365portal dst 168.62.42.89</div><div>acl 365portal dst 168.62.52.198</div><div>acl 365portal dst 168.62.52.203</div><div>acl 365portal dst 168.62.60.71</div><div>acl 365portal dst 168.62.60.80</div><div>acl 365portal dst 168.62.104.146</div><div>acl 365portal dst 168.62.176.34</div><div>acl 365portal dst 168.62.179.4</div><div>acl 365portal dst 168.62.180.151</div><div>acl 365portal dst 168.63.16.66/32</div><div>acl 365portal dst 168.63.16.112/32</div><div>acl 365portal dst 168.63.16.114/32</div><div>acl 365portal dst 168.63.16.141</div><div>acl 365portal dst 168.63.17.221/32</div><div>acl 365portal dst 168.63.25.227</div><div>acl 365portal dst 168.63.27.2</div><div>acl 365portal dst 168.63.166.200</div><div>acl 365portal dst 168.63.165.67</div><div>acl 365portal dst 168.63.164.177</div><div>acl 365portal dst 168.63.208.73/32</div><div>acl 365portal dst 168.63.213.203/32</div><div>acl 365portal dst 168.63.214.35/32</div><div>acl 365portal dst 168.63.216.117/32</div><div>acl 365portal dst 168.63.250.173/32</div><div>acl 365portal dst 168.63.252.39/32</div><div>acl 365portal dst 168.63.252.71/32</div><div>acl 365portal dst 191.232.2.128/25</div><div>acl 365portal dst 191.233.32.111</div><div>acl 365portal dst 191.233.32.201</div><div>acl 365portal dst 191.234.6.0/24</div><div>acl 365portal dst 191.235.135.139</div><div>acl 365portal dst 191.235.135.222</div><div>acl 365portal dst 191.236.192.179</div><div>acl 365portal dst 191.237.128.159</div><div>acl 365portal dst 191.238.80.160</div><div>acl 365portal dst 191.238.81.69</div><div>acl 365portal dst 191.238.83.220</div><div>acl 365portal dst 207.46.57.128/25</div><div>acl 365portal dst 207.46.70.0/24</div><div>acl 365portal dst 207.46.73.250</div><div>acl 365portal dst 207.46.198.0/25</div><div>acl 365portal dst 207.46.206.0/23</div><div>acl 365portal dst 207.46.216.54</div><div>acl 365portal dst 213.199.128.58</div><div>acl 365portal dst 213.199.128.91</div><div>acl 365portal dst 213.199.148.0/23</div><div>acl 365portal dst 213.199.182.128/25</div><div><br></div><div># OFFICE ONLINE</div><div>acl office365 dst 134.170.27.64/26</div><div>acl office365 dst 134.170.48.0/26</div><div>acl office365 dst 134.170.65.64/26</div><div>acl office365 dst 134.170.128.192/26</div><div>acl office365 dst 134.170.170.64/26</div><div>acl office365 dst 191.232.2.64/26</div><div><br></div><div>acl dropbox dstdomain .dropbox.com</div><div>acl icloud dstdomain .icloud.com</div><div><br></div><div># Squid Cache</div><div>acl PURGE method PURGE</div><div><br></div><div>http_access deny manager !localhost</div><div>http_access allow PURGE localhost</div><div>http_access deny PURGE</div><div><br></div><div># The method ACL type allows you to restrict access based on the request HTTP method, i.e. GET (used for downloading), POST (used for uploading) and CONNECT (used for SSL data transfers)</div><div># It is very important that you stop CONNECT type requests to non-SSL ports. The CONNECT method allows data transfer in any direction at any time, regardless of the transport protocol used.</div><div>acl CONNECT method CONNECT</div><div>http_access deny CONNECT !SSL_ports</div><div><br></div><div># Deny access to all ports except the ones defined</div><div>http_access deny !Safe_ports</div><div># This blocks attempts to request http://localhost on the proxy server via the proxy. </div><div>http_access deny localhost</div><div># Deny caching for everyone so that there is not caching at all</div><div>cache deny all</div><div><br></div><div>http_access allow msdomains</div><div>http_access allow lync2013</div><div>http_access allow 365portal</div><div>http_access allow office365</div><div>http_access allow registars</div><div>http_access allow dropbox</div><div>http_access allow icloud</div><div><br></div><div>http_access allow CONNECT msdomains</div><div>http_access allow CONNECT lync2013</div><div>http_access allow CONNECT 365portal</div><div>http_access allow CONNECT office365</div><div>http_access allow CONNECT registars</div><div>http_access allow CONNECT dropbox</div><div>http_access allow CONNECT icloud</div><div><br></div><div># Deny access to proxy to everyone except Authorized Users group in AD</div><div>http_access deny !AuthorizedUsers</div><div><br></div><div># Disable caching</div><div>always_direct allow msdomains all</div><div>always_direct allow registars all</div><div>always_direct allow lync2013 all</div><div>always_direct allow 365portal all</div><div>always_direct allow office365 all</div><div><br></div><div># Allow direct connection if the destination machine is on LAN</div><div>always_direct allow lan_dst</div><div># Allow http access from machines on LAN</div><div>http_access allow lan_src</div><div># Default deny</div><div>http_access deny all</div><div>http_reply_access allow all</div><div>icp_access allow all</div><div><br></div><div># Squid should not check with neighbours'/parents' cache and should go to target web-server.</div><div>hierarchy_stoplist cgi-bin ?</div><div><br></div><div># Logging</div><div>cache_dir ufs c:/squid/var/cache 100 16 256</div><div>access_log c:/squid/var/logs/access.log squid</div><div>cache_log c:/squid/var/logs/cache.log</div><div>cache_store_log none</div><div>logfile_rotate 4</div><div>log_ip_on_direct on</div><div>debug_options ALL,1</div><div>log_fqdn off</div><div><br></div><div># SquidGuard</div><div>redirect_program c:/squidguard/squidguard.exe -c c:/squidguard/conf/squidguard.conf</div><div>redirect_children 5</div><div><br></div><div># Caching</div><div>cache_mgr ittechs@oppy.com</div><div>refresh_pattern ^ftp:<span class="Apple-tab-span" style="white-space:pre"> </span>1440<span class="Apple-tab-span" style="white-space:pre"> </span>20%<span class="Apple-tab-span" style="white-space:pre"> </span>10080</div><div>refresh_pattern ^gopher:<span class="Apple-tab-span" style="white-space:pre"> </span>1440<span class="Apple-tab-span" style="white-space:pre"> </span>0%<span class="Apple-tab-span" style="white-space:pre"> </span>1440</div><div>refresh_pattern -i (/cgi-bin/|\?) 0<span class="Apple-tab-span" style="white-space:pre"> </span>0%<span class="Apple-tab-span" style="white-space:pre"> </span>0</div><div>refresh_pattern .<span class="Apple-tab-span" style="white-space:pre"> </span>0<span class="Apple-tab-span" style="white-space:pre"> </span>20%<span class="Apple-tab-span" style="white-space:pre"> </span>4320</div><div><br></div><div># Dont cache these pages</div><div>acl DYNAMIC_CONTENT urlpath_regex cgi-bin \.cgi \.pl \.php3 \.asp \.php</div><div>no_cache deny DYNAMIC_CONTENT </div><div><br></div><div># Other stuff?</div><div>acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]</div><div>upgrade_http0.9 deny shoutcast</div><div>acl apache rep_header Server ^Apache</div><div>broken_vary_encoding allow apache</div><div>error_directory c:/squid/share/errors/English</div><div><br></div><div># Various features turned off.</div><div>snmp_port 0</div><div>icp_port 0</div><div>htcp_port 0</div><div><br></div><div>coredump_dir c:/squid/var/cache</div><div>pid_filename c:/squid/var/squid.pid</div><div>mime_table c:/squid/etc/mime.conf</div><div>unlinkd_program c:/squid/libexec/unlinkd.exe</div></div><div><br></div> </div></body>
</html>