LinuxQuestions.org
01-10-2020, 04:50 PM   #1
robertkwild

squid to only allow office activation and not windows updates


Hi all,

I have added all these lines to my Squid config as it wasn't allowing Office activation:

https://wiki.squid-cache.org/SquidFaq/WindowsUpdate

But now it's allowing Office activation and now Windows updates, but I don't want it to do Windows updates as this is managed by our WSUS server.

What are the correct lines to just do the Office activation?

As when I comment out all the lines I get this:

0 - TCP_DENIED/403 3810 GET http://www.microsoft.com/pkiops/cert...ity%202018.crt

thanks,
rob
 
01-10-2020, 05:48 PM   #2
robertkwild

OK, I have found the rule for it:

acl DiscoverSNIHost at_step SslBump1
acl NoSSLIntercept ssl::server_name .microsoft.com
ssl_bump peek DiscoverSNIHost
ssl_bump splice NoSSLIntercept
ssl_bump bump all

But the thing is, both Windows updates and Office activation use the exact same cert file:

.microsoft.com/pkiops/certs/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crt

I'm stuck.

Or if I can get Squid to block Windows updates altogether?
 
01-11-2020, 07:18 AM   #3
robertkwild

OK, I think I have done it:

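#
acl DiscoverSNIHost at_step SslBump1
# Dots escaped and pattern anchored so that only hosts ending in .microsoft.com are spliced
acl NoSSLIntercept ssl::server_name_regex -i \.microsoft\.com$
ssl_bump splice NoSSLIntercept
ssl_bump peek DiscoverSNIHost
ssl_bump bump all
#
#URL deny MIME types
# rep_mime_type matches the Content-Type of replies; denying it blocks octet-stream downloads
acl mimetype rep_mime_type application/octet-stream
http_reply_access deny mimetype
#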

As now Windows can check for updates but it can't download, as I have denied the octet-stream, i.e. cab/exe files.
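
Added example, not part of the original posts: a Python sketch that compares which SNI hostnames would be spliced (passed through without inspection) under the `ssl::server_name .microsoft.com` form from post #2, a `server_name_regex` whose dots are unescaped, and an escaped, anchored regex. The two matching functions are approximations of Squid's dstdomain-style and regex ACL semantics (an assumption of this example), and the hostnames are constructed samples.

```python
import re

def dstdomain_match(pattern, host):
    """Approximates ssl::server_name (dstdomain-style) matching:
    a leading dot matches the domain itself and any subdomain."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def regex_match(pattern, host):
    """Approximates ssl::server_name_regex -i: unanchored, case-insensitive search."""
    return re.search(pattern, host, re.IGNORECASE) is not None

# Rule name -> predicate deciding whether a host is spliced.
RULES = {
    # acl NoSSLIntercept ssl::server_name .microsoft.com
    "server_name": lambda h: dstdomain_match(".microsoft.com", h),
    # acl NoSSLIntercept ssl::server_name_regex -i .microsoft.com
    "regex_unescaped": lambda h: regex_match(r".microsoft.com", h),
    # acl NoSSLIntercept ssl::server_name_regex -i \.microsoft\.com$
    "regex_anchored": lambda h: regex_match(r"\.microsoft\.com$", h),
}

# Constructed SNI values: hosts under microsoft.com plus lookalikes.
SAMPLE_SNI = [
    "www.microsoft.com",
    "sub.host.microsoft.com",
    "MICROSOFT.COM",
    "notmicrosoft.com",
    "www.microsoft.com.example.net",
    "xmicrosoft-com.example.org",
]

def spliced_hosts(rule):
    """Return the sample hosts the named rule would splice instead of bump."""
    return [h for h in SAMPLE_SNI if RULES[rule](h)]

if __name__ == "__main__":
    for rule in RULES:
        print(rule)
        for host in SAMPLE_SNI:
            print("   ", "splice" if RULES[rule](host) else "bump  ", host)
```

Anything a rule splices is tunnelled without inspection and without `http_reply_access` checks on the encrypted replies, so the unescaped regex exempts lookalike hostnames that the other two forms would still bump.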

All times are GMT -5.