RESOLVED: Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://dl.delivery.mp.microsoft.com/filestreamingservice//files/
-
Help I keep getting this error for Windows updates with Squid guard running. Under the proxy live status it shows an attempt to connect to http and a url and will not pass traffic. Any ideas?
(Image: Error for http updates)
(Image: Squid Proxy showing abort)
-
https://forum.netgate.com/topic/35377/squidguard-squid-getting-default-access/14?_=1642466193772&lang=en-US
I adapted the config this did not resolve per the forum above
/usr/local/pkg/squidGuard_configurator.inc
Same result. Normalized this change.
This method change did not fix this issue.
-
No traffic will pass for http based update requests. If I go directly to this URL it will work and download however.
(Image: Traffic shows 0 and will timeout because of issues)
-
J JonathanLee referenced this topic on
-
Tested GPO's for Windows 10
Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service.
Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry:
Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy server for connecting to the network.
Ran netsh winhttp set proxy <proxy>:<port> "example 192.168.1.1:3128"
Reference cited:
Navigation. ConfigExamples/Caching/WindowsUpdates - Squid Web Proxy Wiki. (n.d.). Retrieved January 18, 2022, from https://wiki.squid-cache.org/ConfigExamples/Caching/WindowsUpdates
Mjcaparas. (n.d.). Configure device proxy and internet connection settings. Configure device proxy and Internet connection settings | Microsoft Docs. Retrieved January 18, 2022, from https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide
-
@jonathanlee system started a download and stopped at 2 percent this time after Winhttp proxy changes.
-
RESOLVED!!
Set GPOS to not configured per above. Reboot system Windows 10 and Netgate running pfSense. You must remove all Squidguard URL blocks for anything that is "azureedge. net", example fp-as-azureedge. net. Set Windows in two places one with "netsh http set proxy" to use with Http Updates.
Once this change was made the systems worked with http updates.
The other set Windows Proxy settings in GUI.
All update traffic now works.
-
-
-
A main issue I found also while working this was this log did not show populated in squidguard until a reinstall.
-
I also added ports to the safe port list that are specific to the firewall itself port 3128, 3129, 1344. The others that are added are specific to my needs and not related to the firewall.
-
@jonathanlee Traffic now shows flowing with http requests as well as solid hits for updates.
-
Playing with this setting also seemed to improve the refresh hits for windows updates.
Squid's updates that are cached are considered a different pc over the standard windows url that provides updates
