LinuxQuestions.org


robertkwild 01-10-2020 04:50 PM

squid to only allow office activation and not windows updates
 
hi all,

i have added all these lines to my squid config as it wasn't allowing office activation

https://wiki.squid-cache.org/SquidFaq/WindowsUpdate

but now it's allowing office activation and now windows updates but i don't want it to do windows updates as this is managed by our WSUS server

what are the correct lines to just do the office activation

as when i comment out all the lines i get this

0 - TCP_DENIED/403 3810 GET http://www.microsoft.com/pkiops/cert...ity%202018.crt

thanks,
rob

robertkwild 01-10-2020 05:48 PM

ok, i have found the rule for it

acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name .microsoft.com
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

but the thing is both windows updates and office activation use the exact same cert file

.microsoft.com/pkiops/certs/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crt

i'm stuck

or if i can get squid to block windows updates altogether?

robertkwild 01-11-2020 07:18 AM

ok think i have done it

#
acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name_regex -i .microsoft.com
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
#
#URL deny MIME types
acl mimetype rep_mime_type application/octet-stream
http_reply_access deny mimetype
#

as now windows can check for updates but it can't download as i have denied the octet-stream i.e. cab/exe files
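
An added example, not part of the original posts: it checks which server names the pattern posted above (`ssl::server_name_regex -i .microsoft.com`) actually matches, since the dots are unescaped and the pattern is unanchored. The tightened pattern and the sample names are assumptions made up for this illustration, and Python's `re.search` stands in for Squid's unanchored regex match.

```python
import re

# Pattern exactly as posted in the thread (the -i flag makes it case-insensitive).
POSTED = re.compile(r".microsoft.com", re.IGNORECASE)

# Tightened variant (assumption of this example): literal dots, anchored so that
# only microsoft.com and its subdomains match.
TIGHT = re.compile(r"(^|\.)microsoft\.com$", re.IGNORECASE)

# Constructed server names, not taken from any real log.
SAMPLE_NAMES = [
    "www.microsoft.com",
    "FOO.MICROSOFT.COM",
    "microsoft.com",
    "www.microsoft.com.example.net",
    "notmicrosoft.com",
    "login.microsoftXcom.example.org",
]


def action(name, pattern):
    """Decision of the two posted rules: splice on an ACL match, otherwise bump."""
    return "splice" if pattern.search(name) else "bump"


def compare(names):
    """Map each name to (action with posted pattern, action with tightened pattern)."""
    return {n: (action(n, POSTED), action(n, TIGHT)) for n in names}


def widened(names):
    """Names the posted pattern splices that the tightened pattern would bump."""
    return [n for n, (p, t) in compare(names).items()
            if p == "splice" and t == "bump"]


if __name__ == "__main__":
    for name, (posted, tight) in compare(SAMPLE_NAMES).items():
        print(f"{name:34} posted={posted:7} tightened={tight}")
```

The equivalent Squid ACL line for the tightened pattern would be `acl NoSSLIntercept ssl::server_name_regex -i (^|\.)microsoft\.com$`.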

