Re: update windows

On 2014-02-14 11:44, Claudia Cruz wrote:
Hello again. I have installed Squid 3.1 with Active Directory
authentication, and I still cannot download updates. Now a curious
thing happens: when I try to download, it asks me for my user name and
password for my proxy, which it should not do.
Within my configuration I tested with the following:

# ACLs Windows Update HTTP
acl WU dstdomain windowsupdate.microsoft.com
acl WU dstdomain .update.microsoft.com
acl WU dstdomain download.windowsupdate.com
acl WU dstdomain redir.metaservices.microsoft.com
acl WU dstdomain images.metaservices.microsoft.com
acl WU dstdomain c.microsoft.com
acl WU dstdomain www.download.windowsupdate.com
acl WU dstdomain wustat.windows.com
acl WU dstdomain crl.microsoft.com
acl WU dstdomain sls.microsoft.com
acl WU dstdomain productactivation.one.microsoft.com
acl WU dstdomain ntservicepack.microsoft.com

# ACLs Windows Update HTTPS
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com

acl HEAD method HEAD

# ACL to allow purging an object from the cache:
acl PURGE method PURGE

Performance Note: Unless you are actually making use of PURGE acl it is better to remove it completely from your config. Simply defining it for use makes Squid auto-enable extra complex/slow tracking of cached objects on each request.


http_access allow CONNECT wuCONNECT localhost
http_access allow WU localhost

You have configured such that *only* the localhost IPs (127.0.0.1 or ::1) can do windows updates without authentication. All other traffic MUST get past the GrupoAD_filtrado1 check below.

Note that the wiki page examples are restricting these allow rules to *localnet* (note the "net" part), which means the entire LAN can do updates, not just the Squid server machine.


http_access allow GrupoAD_filtrado1

The following two do nothing, because a) you already allowed all "CONNECT wuCONNECT localhost" matching traffic, AND b) you already allowed all "GrupoAD_filtrado1" matching traffic.

http_access allow CONNECT wuCONNECT GrupoAD_filtrado1 localhost
http_access allow GrupoAD_filtrado1

Amos
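
The rule ordering discussed in this reply can be traced with a small model of first-match http_access evaluation. This is an added example, not part of the original thread and not Squid's code: the localnet range, the group member list, and the treatment of GrupoAD_filtrado1 as an ACL that needs proxy credentials are assumptions.

```python
import ipaddress

# Simplified model of Squid http_access: lines are tried top to bottom, every
# ACL on a line must match, and the first fully matching line decides.
LOCALHOST = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
LOCALNET = [ipaddress.ip_network("192.168.0.0/16")]   # assumed LAN range
AD_GROUP = {"ccruz"}                                  # constructed member list
WU = [".update.microsoft.com", "download.windowsupdate.com"]  # subset of the WU acl
WU_CONNECT = ["www.update.microsoft.com", "sls.microsoft.com"]

def dst_match(host, patterns):
    # dstdomain: a leading dot also matches subdomains, otherwise exact match
    return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
               for p in patterns)

def src_match(ip, nets):
    return any(ipaddress.ip_address(ip) in n for n in nets)

ACLS = {
    "localhost": lambda r: src_match(r["src"], LOCALHOST),
    "localnet": lambda r: src_match(r["src"], LOCALNET),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "WU": lambda r: dst_match(r["host"], WU),
    "wuCONNECT": lambda r: dst_match(r["host"], WU_CONNECT),
}

def evaluate(rules, req):
    """Return (verdict, deciding line number) for a list of 'allow' lines."""
    for n, line in enumerate(rules, 1):
        for name in line.split():
            if name == "GrupoAD_filtrado1":       # assumed to need proxy login
                if req["user"] is None:
                    return ("407", n)             # client is asked for credentials
                matched = req["user"] in AD_GROUP
            else:
                matched = ACLS[name](req)
            if not matched:
                break
        else:
            return ("allow", n)
    return ("deny", None)

POSTED = ["CONNECT wuCONNECT localhost", "WU localhost", "GrupoAD_filtrado1",
          "CONNECT wuCONNECT GrupoAD_filtrado1 localhost", "GrupoAD_filtrado1"]
LOCALNET_FIRST = ["CONNECT wuCONNECT localnet", "WU localnet", "GrupoAD_filtrado1"]

# Constructed request: Windows Update client on the LAN, no proxy credentials
wu_client = {"src": "192.168.1.50", "method": "GET",
             "host": "download.windowsupdate.com", "user": None}

if __name__ == "__main__":
    print(evaluate(POSTED, wu_client))          # stopped at the auth check
    print(evaluate(LOCALNET_FIRST, wu_client))  # allowed before any auth check
```

In this model no request is ever decided by the fourth or fifth posted line, which matches the observation that they do nothing.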



