On 3/08/2014 3:07 a.m., nuhll wrote: > im not able to fix it. > > Normal websites work. But i cant get it to cache (or even allow access to > Windows Update or Kaspersky). > > Whats i am doin wrong? > > 2014/08/02 17:05:35| The request GET > http://dnl-16.geo.kaspersky.com/updaters/updater.xml is DENIED, because it > matched 'localhost' > 2014/08/02 17:05:35| The reply for GET > http://dnl-16.geo.kaspersky.com/updaters/updater.xml is ALLOWED, because it > matched 'localhost' > > > 2014/08/02 17:06:32| The request CONNECT 62.128.100.41:443 is DENIED, > because it matched 'localhost' > 2014/08/02 17:06:32| The reply for CONNECT 62.128.100.41:443 is ALLOWED, > because it matched 'localhost' > > > 014/08/02 17:07:07| The request CONNECT sls.update.microsoft.com:443 is > DENIED, because it matched 'localhost' > 2014/08/02 17:07:07| The reply for CONNECT sls.update.microsoft.com:443 is > ALLOWED, because it matched 'localhost' > So what access.log linesmatch these transactions? > > my config atm: > debug_options ALL,1 33,2 > acl localnet src 192.168.0.0 > acl all src 0.0.0.0 1) you are defining the entire Internet to be a single IP address "0.0.0.0" ... which is invalid. This should be: acl all src all > acl localhost src 127.0.0.1 > > access_log daemon:/var/log/squid/access.test.log squid > > http_port 192.168.0.1:3128 transparent > > cache_dir ufs /daten/squid 100000 16 256 > > range_offset_limit 100 MB windowsupdate > maximum_object_size 6000 MB > quick_abort_min -1 > > > # Add one of these lines for each of the websites you want to cache. > > refresh_pattern -i > microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 432000 > reload-into-ims > > refresh_pattern -i > windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% > 432000 reload-into-ims > > refresh_pattern -i > windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 432000 > reload-into-ims > > refresh_pattern -i > geo.kaspersky.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% > 432000 reload-into-ims > > # DONT MODIFY THESE LINES > refresh_pattern \^ftp: 1440 20% 10080 > refresh_pattern \^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > > acl kaspersky dstdomain .kaspersky.com > acl windowsupdate dstdomain windowsupdate.microsoft.com > acl windowsupdate dstdomain .update.microsoft.com > acl windowsupdate dstdomain download.windowsupdate.com > acl windowsupdate dstdomain redir.metaservices.microsoft.com > acl windowsupdate dstdomain images.metaservices.microsoft.com > acl windowsupdate dstdomain c.microsoft.com > acl windowsupdate dstdomain www.download.windowsupdate.com > acl windowsupdate dstdomain wustat.windows.com > acl windowsupdate dstdomain crl.microsoft.com > acl windowsupdate dstdomain sls.microsoft.com > acl windowsupdate dstdomain productactivation.one.microsoft.com > acl windowsupdate dstdomain ntservicepack.microsoft.com > > acl CONNECT method CONNECT > acl wuCONNECT dstdomain www.update.microsoft.com > acl wuCONNECT dstdomain sls.microsoft.com > > http_access allow kaspersky localnet > http_access allow CONNECT wuCONNECT localnet > http_access allow windowsupdate localnet > > http_access allow localnet > http_access allow localhost > The above rule set is equivalent to: http_access allow localhost http_access deny !localnet http_access allow all Amos
