[squid-users] windows update not working squid 3.5.2
Yuri Voinov
yvoinov at gmail.com
Tue Sep 6 15:15:59 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Well, let's see.
06.09.2016 21:12, Ahmed Alzaeem пишет:
> yes i did .
>
> here is conf file again :
> #########
> acl windowsupdate dstdomain windowsupdate.microsoft.com
> acl windowsupdate dstdomain .update.microsoft.com
> acl windowsupdate dstdomain download.windowsupdate.com
> acl windowsupdate dstdomain redir.metaservices.microsoft.com
> acl windowsupdate dstdomain images.metaservices.microsoft.com
> acl windowsupdate dstdomain c.microsoft.com
> acl windowsupdate dstdomain www.download.windowsupdate.com
> acl windowsupdate dstdomain wustat.windows.com
> acl windowsupdate dstdomain crl.microsoft.com
> acl windowsupdate dstdomain sls.microsoft.com
> acl windowsupdate dstdomain productactivation.one.microsoft.com
> acl windowsupdate dstdomain ntservicepack.microsoft.com
>
> acl CONNECT method CONNECT
> acl wuCONNECT dstdomain www.update.microsoft.com
> acl wuCONNECT dstdomain sls.microsoft.com
>
> #http_access allow CONNECT wuCONNECT localnet
> #http_access allow windowsupdate localnet
> #######################
> # Updates: Windows
> refresh_pattern -i
windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf)
43200 80% 129600 reload-into-ims
> refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200
80% 129600 reload-into-ims
> refresh_pattern -i
windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200
80% 129600 reload-into-ims
> refresh_pattern -i
microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf)
43200 80% 129600 reload-into-ims
> refresh_pattern -i
deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf)
43200 80% 129600 reload-into-ims
> ###########
> refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims
> refresh_pattern -i
windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
80% 43200 reload-into-ims
> refresh_pattern -i
windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims
Twice refresh pattern. Remove three lines above.
> # DONT MODIFY THESE LINES
> refresh_pattern \^ftp: 1440 20% 10080
> refresh_pattern \^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> #################################################################
> ###########################
> #
> # Recommended minimum configuration:
> #
>
> # Example rule allowing access from your local networks.
> # Adapt to list your (internal) IP networks from where browsing
> # should be allowed
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7 # RFC 4193 local private network range
> acl localnet src fe80::/10 # RFC 4291 link-local (directly
plugged) machines
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> http_access allow CONNECT wuCONNECT localnet
> http_access allow windowsupdate localnet
> http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
>
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
>
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost
>
> # And finally deny all other access to this proxy
> http_access deny all
>
> # Squid normally listens to port 3128
> http_port 192.168.0.1:3128
>
> # Uncomment and adjust the following to add a disk cache directory.
> cache_dir ufs /var/cache/squid 100 16 256
You specify only 100 megabytes sized cache_dir. Where do you think
should be cached updates? For them, just not enough space.
>
> # Leave coredumps in the first cache dir
> coredump_dir /var/cache/squid
>
> #
> # Add any of your own refresh_pattern entries above these.
> #
> #refresh_pattern ^ftp: 1440 20% 10080
> #refresh_pattern ^gopher: 1440 0% 1440
> #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> #refresh_pattern . 0 20% 4320
> #############
> range_offset_limit 5 Gb windowsupdate
> maximum_object_size 5 Gb
> quick_abort_min -1
> #########
> http_port 3129 intercept
> #####################
>
>
>
> cheers
>> On Sep 6, 2016, at 6:01 PM, Yuri Voinov <yvoinov at gmail.com> wrote:
>>
>>
> http://wiki.squid-cache.org/ConfigExamples/Caching/WindowsUpdates
>
> Did you read this?
>
>
> 06.09.2016 20:59, --Ahmad-- пишет:
> >>> hi squid users .
> >>>
> >>> I’m trying to catch windows updates as cached object
> >>> im testing with windows 10 pc
> >>>
> >>> i see all request as tcp_miss and the caching store is not getting
> increase .
> >>>
> >>> =========
> >>> 1473173748.014 3603 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.022 12146 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.057 5321 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.155 3684 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.355 4832 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.612 12645 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.650 7276 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.720 12654 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173748.816 5064 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173749.022 4159 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173749.048 5618 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173749.177 7817 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173749.208 3383 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173749.318 5096 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173749.395 3986 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173749.850 13837 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173750.015 914 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173750.029 1365 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>> 1473173750.420 7126 192.168.0.10 TCP_MISS/206 1049229 GET
>
http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf
> - ORIGINAL_DST/13.107.4.50 application/octet-stream
> >>>
> >>> =======================
> >>>
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~# du -sh /var/cache/squid/
> >>> 17M /var/cache/squid/
> >>> root at raspberrypi:~#
> >>>
> >>> ==============
> >>> here is squid config :
> >>>
> >>> root at raspberrypi:~# cat /etc/squid/squid.conf
> >>> #########
> >>> acl windowsupdate dstdomain windowsupdate.microsoft.com
> >>> acl windowsupdate dstdomain .update.microsoft.com
> >>> acl windowsupdate dstdomain download.windowsupdate.com
> >>> acl windowsupdate dstdomain redir.metaservices.microsoft.com
> >>> acl windowsupdate dstdomain images.metaservices.microsoft.com
> >>> acl windowsupdate dstdomain c.microsoft.com
> >>> acl windowsupdate dstdomain www.download.windowsupdate.com
> >>> acl windowsupdate dstdomain wustat.windows.com
> >>> acl windowsupdate dstdomain crl.microsoft.com
> >>> acl windowsupdate dstdomain sls.microsoft.com
> >>> acl windowsupdate dstdomain productactivation.one.microsoft.com
> >>> acl windowsupdate dstdomain ntservicepack.microsoft.com
> >>>
> >>> acl CONNECT method CONNECT
> >>> acl wuCONNECT dstdomain www.update.microsoft.com
> >>> acl wuCONNECT dstdomain sls.microsoft.com
> >>>
> >>> #######################
> >>> refresh_pattern -i
> microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims
> >>> refresh_pattern -i
> windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
> 80% 43200 reload-into-ims
> >>> refresh_pattern -i
> windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
> 43200 reload-into-ims
> >>> # DONT MODIFY THESE LINES
> >>> refresh_pattern \^ftp: 1440 20% 10080
> >>> refresh_pattern \^gopher: 1440 0% 1440
> >>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> >>> refresh_pattern . 0 20% 4320
> >>> #################################################################
> >>> ###########################
> >>> #
> >>> # Recommended minimum configuration:
> >>> #
> >>>
> >>> # Example rule allowing access from your local networks.
> >>> # Adapt to list your (internal) IP networks from where browsing
> >>> # should be allowed
> >>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> >>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> >>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> >>> acl localnet src fc00::/7 # RFC 4193 local private network range
> >>> acl localnet src fe80::/10 # RFC 4291 link-local (directly
> plugged) machines
> >>>
> >>> acl SSL_ports port 443
> >>> acl Safe_ports port 80 # http
> >>> acl Safe_ports port 21 # ftp
> >>> acl Safe_ports port 443 # https
> >>> acl Safe_ports port 70 # gopher
> >>> acl Safe_ports port 210 # wais
> >>> acl Safe_ports port 1025-65535 # unregistered ports
> >>> acl Safe_ports port 280 # http-mgmt
> >>> acl Safe_ports port 488 # gss-http
> >>> acl Safe_ports port 591 # filemaker
> >>> acl Safe_ports port 777 # multiling http
> >>> acl CONNECT method CONNECT
> >>>
> >>>
> >>> http_access allow CONNECT wuCONNECT localnet
> >>> http_access allow windowsupdate localnet
> >>> http_access deny !Safe_ports
> >>>
> >>> # Deny CONNECT to other than secure SSL ports
> >>> http_access deny CONNECT !SSL_ports
> >>>
> >>> # Only allow cachemgr access from localhost
> >>> http_access allow localhost manager
> >>> http_access deny manager
> >>>
> >>>
> >>> http_access allow localnet
> >>> http_access allow localhost
> >>>
> >>> # And finally deny all other access to this proxy
> >>> http_access deny all
> >>>
> >>> # Squid normally listens to port 3128
> >>> http_port 192.168.0.1:3128
> >>>
> >>> # Uncomment and adjust the following to add a disk cache directory.
> >>> cache_dir ufs /var/cache/squid 100 16 256
> >>>
> >>> # Leave coredumps in the first cache dir
> >>> coredump_dir /var/cache/squid
> >>>
> >>>
> >>> #############
> >>> range_offset_limit 200 MB windowsupdate
> >>> maximum_object_size 200 MB
> >>> quick_abort_min -1
> >>> #########
> >>> http_port 3129 intercept
> >>> maximum_object_size 200000 KB
> >>>
> >>>
> >>>
> >>>
> >>> thank you
> >>>
> >>> _______________________________________________
> >>> squid-users mailing list
> >>> squid-users at lists.squid-cache.org
> >>> http://lists.squid-cache.org/listinfo/squid-users
>
>>
>> <0x613DEC46.asc>_______________________________________________
>> squid-users mailing list
>> squid-users at lists.squid-cache.org
>> http://lists.squid-cache.org/listinfo/squid-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJXzt2vAAoJENNXIZxhPexGs4cH/2Yjuzr54vMfdx4XdO9nUMri
rCXzkOPFJmRCHIWcr31cxPvgMHCpmlhp5EtnmGdG5ZdEXxeWBcHLdwfMiqSYLfsI
8iNA3Lh0cAEWOf2kVPXzTI8MTSEjsxXnHmYPZrCP3A9xloBiBmhuRQbhENc3fXz4
IqvCHJHdsIHwlDyWaOyeQXydNX/keysZVRgaOjGztpboMrYMIJR/84qBYkdEaEsa
e/Zzs2vO0UFTxwEOzZz1zOFNMYeul3UO5fZa59UY2XsAkzRacRC6SKgITMuMzp4B
WtEAuTtVY7aXKoSjlJkb9Ts/iXYzB+hUz8hpU9iAZzBVpw2NeoNh1URjTh6LLUk=
=ckYb
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160906/5f7fef8d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0x613DEC46.asc
Type: application/pgp-keys
Size: 2437 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20160906/5f7fef8d/attachment-0001.key>
More information about the squid-users
mailing list