[squid-users] windows update not working squid 3.5.2
Amos Jeffries
squid3 at treenet.co.nz
Wed Sep 7 14:10:08 UTC 2016
On 7/09/2016 9:08 p.m., --Ahmad-- wrote:
> its same not caching at all
> 1473239296.459 990 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239296.576 1032 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239296.624 1183 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.332 1540 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.502 1145 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.509 1247 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.676 1376 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.836 666 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.911 1277 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239298.593 1146 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239298.601 1475 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239298.623 1550 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.174 1238 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.213 1327 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.576 1594 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.794 1527 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.070 1373 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.167 1356 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.321 1558 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.443 1347 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
>
That is expected, with maximum_object_size at the default value of 4MB
the object in those URLs is too large to be stored. It is ~231 MB big.
You need to place this line *before* the cache_dir line:
maximum_object_size 1 GB
NP: you used to have it *after* the cache_dir, which means the HDD used
4MB default and your new config limit was not used for any cache_dir.
> here is config file :
> #########
> acl windowsupdate dstdomain windowsupdate.microsoft.com
> acl windowsupdate dstdomain .update.microsoft.com
> acl windowsupdate dstdomain download.windowsupdate.com
> acl windowsupdate dstdomain redir.metaservices.microsoft.com
> acl windowsupdate dstdomain images.metaservices.microsoft.com
> acl windowsupdate dstdomain c.microsoft.com
> acl windowsupdate dstdomain www.download.windowsupdate.com
> acl windowsupdate dstdomain wustat.windows.com
> acl windowsupdate dstdomain crl.microsoft.com
> acl windowsupdate dstdomain sls.microsoft.com
> acl windowsupdate dstdomain productactivation.one.microsoft.com
> acl windowsupdate dstdomain ntservicepack.microsoft.com
> acl windowsupdate dstdomain au.download.windowsupdate.com
> acl windowsupdate dstdomain ds.download.windowsupdate.com
> acl windowsupdate dstdomain ctldl.windowsupdate.com
> acl windowsupdate dstdomain .data.microsoft.com
> acl windowsupdate dstdomain .l.windowsupdate.com
> acl windowsupdate dstdomain .microsoft.com.akadns.net
> acl windowsupdate dstdomain .deploy.akamaitechnologies.com
> ###################################################
> acl CONNECT method CONNECT
> acl wuCONNECT dstdomain www.update.microsoft.com
> acl wuCONNECT dstdomain sls.microsoft.com
> ####################################
> refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> ########################################################
> refresh_pattern \^ftp: 1440 20% 10080
> refresh_pattern \^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
> ########################################################
> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7 # RFC 4193 local private network range
> acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
>
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> http_access allow CONNECT wuCONNECT localnet
> http_access allow windowsupdate localnet
Given that your config simply has "allow localnet" after the security
rules. With nothing complicated like auth or domain restrictions. You do
not need the above rules at all. WU uses regular port 443.
> http_access deny !Safe_ports
>
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
>
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
>
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
>
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
>
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost
>
> # And finally deny all other access to this proxy
> http_access deny all
>
> # Squid normally listens to port 3128
> http_port 192.168.0.1:3128
>
> # Uncomment and adjust the following to add a disk cache directory.
> cache_dir ufs /var/cache/squid 20000 16 256
>
> # Leave coredumps in the first cache dir
> #coredump_dir /var/cache/squid
>
> #
> # Add any of your own refresh_pattern entries above these.
> #
> #refresh_pattern ^ftp: 1440 20% 10080
> #refresh_pattern ^gopher: 1440 0% 1440
> #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> #refresh_pattern . 0 20% 4320
You already have refresh_pattern above. Remove the above lines entirely,
its just a waste of text in your config file that maybe confusing.
> #############
> #range_offset_limit 5 Gb windowsupdate
> #maximum_object_size 5 Gb
> #quick_abort_min -1
> range_offset_limit 0
In current Squid the above line means any Range: requested which is more
than 0 bytes into the file will be sent upstream as a Range request (the
reply to which is not cacheable).
Now use the word "none" in place of the 0 and see what changes.
> quick_abort_min 0 KB
> quick_abort_max 0 KB
> quick_abort_pct 90
> #########
> http_port 3129 intercept
> #####################
>
Amos
More information about the squid-users
mailing list