Search squid archive

RE: squid3 WindowsUpdate failed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2007-11-06 at 09:24 +0000, Jorge Bastos wrote:
> Alex,
> The only ACL i have in squid.conf is:
> 
> ---
> acl all_cache src 0.0.0.0/0.0.0.0
> no_cache deny all_cache
> ---

OK, thanks.

> I'm one of the people who's having this problems.
> Now I'm using 3.0.PRE6 until this is fixed.

Can you help us troubleshoot the problem? Can you run the latest Squid3
daily snapshot and collect full debugging (debug_options ALL,9) logs
when Windows Update is malfunctioning?

Thank you,

Alex.

> -----Original Message-----
> From: Alex Rousskov [mailto:rousskov@xxxxxxxxxxxxxxxxxxxxxxx] 
> Sent: segunda-feira, 5 de Novembro de 2007 16:31
> To: Amos Jeffries
> Cc: John Mok; squid-users@xxxxxxxxxxxxxxx
> Subject: Re:  squid3 WindowsUpdate failed
> 
> On Sun, 2007-11-04 at 19:30 +1300, Amos Jeffries wrote:
> > I have just had the opportunity to do WU on a customers box and
> > managed to reproduce one of the possible WU failures.
> > 
> > This one was using WinXP, and the old WindowsUpdate (NOT 
> > MicrosoftUpdate, teht remains untested). With squid configured to
> > permit 
> > client access to:
> > 
> > # Windows Update / Microsoft Update
> > #
> > redir.metaservices.microsoft.com
> > images.metaservices.microsoft.com
> > c.microsoft.com
> > windowsupdate.microsoft.com
> > #
> > # WinXP / Win2k
> > .update.microsoft.com
> > download.windowsupdate.com
> > # Win Vista
> > .download.windowsupdate.com
> > # Win98
> > wustat.windows.com
> > crl.microsoft.com
> > 
> > AND also CONNECT access to www.update.microsoft.com:443
> > 
> > PROBLEM:
> >    The client box detects a needed update,
> >    then during the "Download Updates" phase it says "...failed!" and
> > stops.
> > 
> > CAUSE:
> > 
> > This was caused by a bug in squid reading the ACL:
> >    download.windowsupdate.com
> >       ...
> >    .download.windowsupdate.com
> > 
> >   - squid would detect that download.windowsupdate.com was a
> > subdomain 
> > of .download.windowsupdate.com  and .download.windowsupdate.com would
> > be 
> > culled off the ACL as unneeded.
> > 
> >   - That culled bit held the wildcard letting v4.download.* and 
> > www.download.* be retrieved later in the process.
> > 
> >   - BUT, specifying JUST .download.windowsupdate.com would cause 
> > download.windowsupdate.com/fubar to FAIL under the same circumstances.
> > 
> > during the WU process requests for application at 
> > www.download.windowsupdate.com/fubar and K/Q updates at 
> > v(3|4|5).download.windowsupdate.com/fubar2
> > would result in a 403 and thus the FAIL.
> > 
> > 
> > SOLUTION:
> >   Changing the wildcard match to an explicit for fixes this and WU 
> > succeeds again.
> > OR,
> >   Changing the wildcard to .windowsupdate.com also fixes the problem
> > for this test.
> 
> Can other folks experiencing Windows Update troubles with Squid3 confirm
> that their setup does not have the same ACL problem?
> 
> In general, if we do not find a way to get more information about the
> Windows Update problem, we would have to assume it does not exist in
> most environments and release Squid3 STABLE "as is". If you want the
> problem fixed before the stable Squid3 release, please help us reproduce
> or debug the problem.
> 
> Thank you,
> 
> Alex.
> 
> 


[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux