Re: Windows Update

This is a discussion on Re: Windows Update within the IPFilter forums, part of the System Security and Security Related category; I do have squid running but it does not proxy port 443. I don't believe this could be done, ...


Go Back   Usenet Forums > System Security and Security Related > IPFilter

Reload this Page Re: Windows Update

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old 10-01-2003
Rolando
 
Posts: n/a
Default Re: Windows Update
I do have squid running but it does not proxy port 443. I don't believe this
could be done, can it? My users can get to the windows update web site
(port 80) but when it searches for update's it fails due to the fact it is
now
using https (port 443) and not the same server. Then it tries to download
the updates and it fails again. It uses yet again, another server and now is
back to using port 80.
Rolando

----- Original Message -----
From: "David Spezialie" <dspezialie@netspace.net.au>
To: "Rolando Morales" <RolandoMorales@torengineering.com>
Cc: <ipfilter@coombs.anu.edu.au>
Sent: Tuesday, September 30, 2003 6:27 PM
Subject: RE: Windows Update


Dear Rolando,

The easiest way to implement would be via squid:

# squid.conf v2.5.STABLE3
#================================================= ===============
# Allow windowsupdate.microsoft.com
# and deny everything else
acl windowsupdate dstdomain windowsupdate.microsoft.com
http_access allow windowsupdate
http_access deny all
#================================================= ===============

Other than that do lookup on windowsupdate.microsoft.com and add relevant
ip's to filter rules for port = '80' && port = '443'.

# /usr/bin/dig windowsupdate.microsoft.com

a822.cd.akamai.net. 19 IN A 63.211.153.87
a822.cd.akamai.net. 19 IN A 63.211.153.89
a822.cd.akamai.net. 19 IN A 63.211.153.94
a822.cd.akamai.net. 19 IN A 63.211.153.95
a822.cd.akamai.net. 19 IN A 63.211.153.102
a822.cd.akamai.net. 19 IN A 63.211.153.111
a822.cd.akamai.net. 19 IN A 63.211.153.70
a822.cd.akamai.net. 19 IN A 63.211.153.79
a822.cd.akamai.net. 19 IN A 63.211.153.80

Hope this helps you out ...

--

-david
<dspezialie(at)netspace.net.au>

"By the time they had diminished from 50 to 8, the other dwarves began to
suspect Hungry." -- a Larson cartoon


-----Original Message-----
From: Rolando Morales [mailto:RolandoMorales@torengineering.com]
Sent: Wednesday, 1 October 2003 09:24
To: ipfilter@coombs.anu.edu.au
Subject: Windows Update


I'm looking to allow my users (windows based) to use Windows Update anytime
of the day.
Even when they are not allowed to cruise the web. My problem is, I don't
know all the ip
address's that microsoft is using. Does anyone else have this problem? Is
there a way to
track this info down?
Rolando


Reply With Quote
Reply
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 04:08 PM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0