[squid-users] Windows 10 Feature Updates not coming through
Amos Jeffries
squid3 at treenet.co.nz
Wed Jun 27 19:31:59 UTC 2018
On 28/06/18 02:57, Paul Hackmann wrote:
> Hello. I can't figure out why, but I can get regular windows 10 updates
> through the proxy without problem, but the larger feature updates (1803)
> always fail to download.
Have you refreshed your knowledge of what the relevant config settings
are and what they do?
<https://wiki.squid-cache.org/SquidFaq/WindowsUpdate>
NP: the FAQ is heavy on what they do and values are indications only -
so that as these things change you can know what to tweak.
> I can do the windows 10 update assistant
> manually, and that seems to work ok. I'm not sure what I am missing.
> Do I have a problem with my configuration? I am trying to do the
> download through port 4120.
>
> http_port 3120
> http_port 4120 #intercept
>
> cache_dir ufs /var/spool/squid 10000 16 256
...
>
> acl CONNECT method CONNECT
> acl wuCONNECT dstdomain http://www.update.microsoft.com
This should be a FQDN or domain wildcard, not a URL. Remove the
'http://' portion.
IIRC, this wuCONNECT stuff is for CONNECT messages where the reverse-DNS
is needing to match the exact call-home sever WU uses/used. With this
broken it cannot do raw-IP fetches it sometimes needs.
The "allow windowsupdate localnet" will be allowing CONNECT things this
does not match for most fetches.
>
>
> range_offset_limit 10000 MB windowsupdate
So very, very large files (ie up to 9GB) will download the *entire*
object just to fetch and deliver the final, say 1MB (or worse 32KB) of
data to the client.
This limit should be much smaller IMO. Each range segment that the WU
downloader breaks the update into causes a new full copy to be fetched.
Wasting hundreds of multiples of 100-200 MB might be (relatively)
acceptable. But many _thousands_ of multiples of 10 GB, not so much.
Other than that I'm not seeing anything particularly notable about your
config. It may be related to how the D/L is being done. For example, if
it uses the Win10 P2P functionality then its unlikely to be going over
HTTP as the proxy requires.
Any way you can find out if there is a new domain being used for these
Win10 features?
The list in the FAQ page was last updated for Win8.0 IIRC, so there may
be something needing adding there.
Amos
More information about the squid-users
mailing list