[squid-users] windows update not working squid 3.5.2

Amos Jeffries squid3 at treenet.co.nz
Wed Sep 7 14:10:08 UTC 2016 

On 7/09/2016 9:08 p.m., --Ahmad-- wrote:
> its same not caching at all 
> 1473239296.459    990 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239296.576   1032 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239296.624   1183 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.332   1540 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.502   1145 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.509   1247 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.676   1376 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.836    666 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239297.911   1277 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239298.593   1146 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239298.601   1475 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239298.623   1550 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.174   1238 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.213   1327 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.576   1594 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239299.794   1527 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.070   1373 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.167   1356 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.321   1558 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 1473239300.443   1347 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.254.191.254 application/octet-stream
> 

That is expected, with maximum_object_size at the default value of 4MB
the object in those URLs is too large to be stored. It is ~231 MB big.

You need to place this line *before* the cache_dir line:
  	maximum_object_size 1 GB

NP: you used to have it *after* the cache_dir, which means the HDD used
4MB default and your new config limit was not used for any cache_dir.


> here is config file :
> #########
> acl windowsupdate dstdomain windowsupdate.microsoft.com
> acl windowsupdate dstdomain .update.microsoft.com
> acl windowsupdate dstdomain download.windowsupdate.com
> acl windowsupdate dstdomain redir.metaservices.microsoft.com
> acl windowsupdate dstdomain images.metaservices.microsoft.com
> acl windowsupdate dstdomain c.microsoft.com
> acl windowsupdate dstdomain www.download.windowsupdate.com
> acl windowsupdate dstdomain wustat.windows.com
> acl windowsupdate dstdomain crl.microsoft.com
> acl windowsupdate dstdomain sls.microsoft.com
> acl windowsupdate dstdomain productactivation.one.microsoft.com
> acl windowsupdate dstdomain ntservicepack.microsoft.com
> acl windowsupdate dstdomain au.download.windowsupdate.com
> acl windowsupdate dstdomain ds.download.windowsupdate.com
> acl windowsupdate dstdomain ctldl.windowsupdate.com
> acl windowsupdate dstdomain .data.microsoft.com
> acl windowsupdate dstdomain .l.windowsupdate.com
> acl windowsupdate dstdomain .microsoft.com.akadns.net
> acl windowsupdate dstdomain .deploy.akamaitechnologies.com
> ################################################### 
> acl CONNECT method CONNECT
> acl wuCONNECT dstdomain www.update.microsoft.com
> acl wuCONNECT dstdomain sls.microsoft.com
> ####################################
> refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
> ########################################################
> refresh_pattern \^ftp:           1440    20%     10080
> refresh_pattern \^gopher:        1440    0%      1440
> refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
> refresh_pattern .               0       20%     4320
> ########################################################
> acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
> acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
> acl localnet src fc00::/7       # RFC 4193 local private network range
> acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
> 
> acl SSL_ports port 443
> acl Safe_ports port 80          # http
> acl Safe_ports port 21          # ftp
> acl Safe_ports port 443         # https
> acl Safe_ports port 70          # gopher
> acl Safe_ports port 210         # wais
> acl Safe_ports port 1025-65535  # unregistered ports
> acl Safe_ports port 280         # http-mgmt
> acl Safe_ports port 488         # gss-http
> acl Safe_ports port 591         # filemaker
> acl Safe_ports port 777         # multiling http
> acl CONNECT method CONNECT
> 
> #
> # Recommended minimum Access Permission configuration:
> #
> # Deny requests to certain unsafe ports
> http_access allow CONNECT wuCONNECT localnet
> http_access allow windowsupdate localnet

Given that your config simply has "allow localnet" after the security
rules. With nothing complicated like auth or domain restrictions. You do
not need the above rules at all. WU uses regular port 443.


> http_access deny !Safe_ports
> 
> # Deny CONNECT to other than secure SSL ports
> http_access deny CONNECT !SSL_ports
> 
> # Only allow cachemgr access from localhost
> http_access allow localhost manager
> http_access deny manager
> 
> # We strongly recommend the following be uncommented to protect innocent
> # web applications running on the proxy server who think the only
> # one who can access services on "localhost" is a local user
> #http_access deny to_localhost
> 
> #
> # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
> #
> 
> # Example rule allowing access from your local networks.
> # Adapt localnet in the ACL section to list your (internal) IP networks
> # from where browsing should be allowed
> http_access allow localnet
> http_access allow localhost
> 
> # And finally deny all other access to this proxy
> http_access deny all
> 
> # Squid normally listens to port 3128
> http_port 192.168.0.1:3128
> 
> # Uncomment and adjust the following to add a disk cache directory.
> cache_dir ufs /var/cache/squid 20000 16 256
> 
> # Leave coredumps in the first cache dir
> #coredump_dir /var/cache/squid
> 
> #
> # Add any of your own refresh_pattern entries above these.
> #
> #refresh_pattern ^ftp:          1440    20%     10080
> #refresh_pattern ^gopher:       1440    0%      1440
> #refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
> #refresh_pattern .              0       20%     4320

You already have refresh_pattern above. Remove the above lines entirely,
its just a waste of text in your config file that maybe confusing.

> #############
> #range_offset_limit 5 Gb windowsupdate
> #maximum_object_size 5 Gb
> #quick_abort_min -1
> range_offset_limit 0

In current Squid the above line means any Range: requested which is more
than 0 bytes into the file will be sent upstream as a Range request (the
reply to which is not cacheable).

Now use the word "none" in place of the 0 and see what changes.


> quick_abort_min 0 KB
> quick_abort_max 0 KB
> quick_abort_pct 90
> #########
> http_port 3129 intercept
> #####################
> 

Amos

More information about the squid-users mailing list