[squid-users] MS update woes

Amos Jeffries squid3 at treenet.co.nz
Tue Jan 19 05:59:42 UTC 2016 

On 18/01/2016 1:58 p.m., Alex Samad wrote:
> Hi
> 
> so I have this in place now
> 
> This works well for delaying YAY
> 
> #
> # Delay Pools
> # http://wiki.squid-cache.org/Features/DelayPools
> # http://www.serverwatch.com/tutorials/article.php/3357241/Reining-in-Bandwidth-With-Squid-Proxying.htm
> delay_pools 1
> delay_class 1 1
> 
> # 10Mb/s fille rate , 20Mb/s reserve
> # 10485760/8 = 1310720
> # 20971520/8 = 2621440
> delay_parameters 1 1310720/2621440
> 
> # What to delay
> acl Delay_ALL src all
> acl Delay_Domain dstdomain -i "/etc/squid/lists/delayDom.lst"
> 
> delay_access 1 deny DMZSRV
> delay_access 1 allow Delay_Domain
> 

> 
> But this doesn't seem to be working
> 
> 
> 
> # ####
> #  MS Windows UpDate ACL's
> # ####
> acl windowsupdate_url url_regex -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
> acl windowsupdate_url url_regex -i
> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
> acl windowsupdate_url url_regex -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip)
> 
> 
> # http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
> # 800M for MS SQL patch file
> range_offset_limit 800 MB
> maximum_object_size 800 MB
> 
> range_offset_limit 800 MB windowsupdate_url
> maximum_object_size 800 MB windowsupdate_url

The first range_offset_limit has no ACLs, so it will always match and
prevent the second being used.

maximum_object_size does not take ACLs. It is a global size limit.

> 
> # http://www.squid-cache.org/Versions/v3/3.5/cfgman/quick_abort_min.html
> # If you want retrievals to always continue if they are being
> #       cached set 'quick_abort_min' to '-1 KB'.
> quick_abort_min -1
> 

> refresh_pattern -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 129600 reload-into-ims
> refresh_pattern -i
> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
> 80% 129600 reload-into-ims
> refresh_pattern -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 129600 reload-into-ims
> 
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp:           1440    20%     10080
> refresh_pattern ^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
> 
> 
> 
> I have turned this on to stop all but my test machine from downloading
> from there.
> # ####
> # Blockers
> # Off by default
> # ####
> # if there is a problem with MS update uncomment this
> http_access deny !DMZSRV windowsupdate_url
> 
> 
> seems like its not caching again.
> 

Hmm. Are you using the exact same HTTP headers as WU tools on the other
machines do to prefetch the URL into the cache ?

> 
> So I was thinking is there a way in the acl to allow some machine to
> access the url's but only if there are cached !
> and others to pull them down from the internet ??


miss_access directive does that.

Amos

More information about the squid-users mailing list