RESOLVED: Warning: Possible bypass attempt. Found multiple slashes where only one is expected: http://dl.delivery.mp.microsoft.com/filestreamingservice//files/

JonathanLee · Jan 18, 2022, 5:47 PM

Help I keep getting this error for Windows updates with Squid guard running. Under the proxy live status it shows an attempt to connect to http and a url and will not pass traffic. Any ideas?

(Image: Error for http updates)

(Image: Squid Proxy showing abort)

JonathanLee · Jan 18, 2022, 12:56 AM

@jonathanlee

https://forum.netgate.com/topic/35377/squidguard-squid-getting-default-access/14?_=1642466193772&lang=en-US

I adapted the config this did not resolve per the forum above

/usr/local/pkg/squidGuard_configurator.inc

Same result. Normalized this change.

This method change did not fix this issue.

JonathanLee · Jan 18, 2022, 9:04 AM

@jonathanlee

No traffic will pass for http based update requests. If I go directly to this URL it will work and download however.

(Image: Traffic shows 0 and will timeout because of issues)

JonathanLee · Jan 18, 2022, 9:04 AM

@jonathanlee

Tested GPO's for Windows 10

Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service.

Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry:

Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy server for connecting to the network.

Ran netsh winhttp set proxy <proxy>:<port> "example 192.168.1.1:3128"

Reference cited:

Navigation. ConfigExamples/Caching/WindowsUpdates - Squid Web Proxy Wiki. (n.d.). Retrieved January 18, 2022, from https://wiki.squid-cache.org/ConfigExamples/Caching/WindowsUpdates

Mjcaparas. (n.d.). Configure device proxy and internet connection settings. Configure device proxy and Internet connection settings | Microsoft Docs. Retrieved January 18, 2022, from https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?view=o365-worldwide

JonathanLee · Jan 18, 2022, 9:05 AM

@jonathanlee system started a download and stopped at 2 percent this time after Winhttp proxy changes.

JonathanLee · Jan 18, 2022, 5:46 PM

@jonathanlee

RESOLVED!!

Set GPOS to not configured per above. Reboot system Windows 10 and Netgate running pfSense. You must remove all Squidguard URL blocks for anything that is "azureedge. net", example fp-as-azureedge. net. Set Windows in two places one with "netsh http set proxy" to use with Http Updates.

Once this change was made the systems worked with http updates.

The other set Windows Proxy settings in GUI.

All update traffic now works.

JonathanLee · Jan 20, 2022, 5:31 PM

@jonathanlee

(Image: HITS)

(Image: Firewall wpad rules)

(Image: NAT rules)

JonathanLee · Jan 20, 2022, 5:34 PM

@jonathanlee

(Image: Refresh used)

Amazing thank you to all that have helped fix this.

JonathanLee · Jan 20, 2022, 5:35 PM

@jonathanlee

A main issue I found also while working this was this log did not show populated in squidguard until a reinstall.

JonathanLee · Jan 24, 2022, 10:28 PM

@jonathanlee

I also added ports to the safe port list that are specific to the firewall itself port 3128, 3129, 1344. The others that are added are specific to my needs and not related to the firewall.

JonathanLee · Jan 26, 2022, 8:08 PM

@jonathanlee Traffic now shows flowing with http requests as well as solid hits for updates.

JonathanLee · Jan 26, 2022, 8:08 PM

@jonathanlee

Playing with this setting also seemed to improve the refresh hits for windows updates.

Squid's updates that are cached are considered a different pc over the standard windows url that provides updates