This issue has been discussed numerous times on this list. For an archive search, try: http://www.google.com/search?q=site:squid-cache.org+%2B%22Windows+Update%22&hl=en&lr=&start=30&sa=N Tim Rainier "Matt Ashfield" <mda@xxxxxx> 08/04/2005 11:36 AM Please respond to <mda@xxxxxx> To <squid-users@xxxxxxxxxxxxxxx> cc Subject still having problems with Mircosoft Update Hi All, I'm Running squid 2.5 on a RedHat Enterprise server. I'm running it as a transparent proxy, but am having problems getting it to allow users to get to windowsupdate properly. It can get to the site, but when it checks for updates, it fails. I've tried adjusting my MTU size, but this did not help. I think my issue is that WindowsUpdate uses port 443 and I'm not sure if I'm accommodating this in my configuration correctly. Below is as much info as I think may be useful. My iptables rule looks like below. The first line is to redirect all port 80 requests to my squid port of 3128. The other two lines are for DNS: iptables -t nat -A PREROUTING -s 192.168.144.0/23 -p tcp --dport 80 -j REDIRECT --to-port 3128 iptables -t nat -A POSTROUTING -p tcp --dport 53 -j SNAT --to-source x.x.144.200 iptables -t nat -A POSTROUTING -p udp --dport 53 -j SNAT --to-source x.x.144.200 Within my squid.conf, I am running squid on port 3128. I have a redirector script, and have the following lines that seem pertinent: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 563 443 acl Safe_ports port 80 21 70 210 911 1025-65535 acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT redirector_access allow REDIRECT !SSL_ports As well, to allow windowsupdate sites I have: acl NoRedirect url_regex -i .*microsoft\.com acl NoRedirect url_regex -i .*akamai\.net acl NoRedirect url_regex -i .*akamai\.com acl NoRedirect url_regex -i .*windows\.com acl NoRedirect url_regex -i .*windowsupdate\.com acl NoRedirect url_regex -i .*windowsupdate\.net acl NoRedirect url_regex -i .*msft\.com acl NoRedirect url_regex -i .*msft\.net acl NoRedirect url_regex -i .*nsatc\.com acl NoRedirect url_regex -i .*nsatc\.net acl NoRedirect url_regex -i .*edgesuite\.net acl NoRedirect url_regex -i .*akadns\.com acl NoRedirect url_regex -i .*akadns\.net acl NoRedirect url_regex -i .*207.46.* acl NoRedirect url_regex -i .*64.2.21.* acl NoRedirect url_regex -i .*unb\.ca.* acl NoRedirect url_regex -i windowsupdate redirector_access deny NoRedirect Any help is greatly appreciated. Cheers Matt
