|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Well, let's see. 06.09.2016 21:12, Ahmed Alzaeem пишет: > yes i did . > > here is conf file again : > ######### > acl windowsupdate dstdomain windowsupdate.microsoft.com > acl windowsupdate dstdomain .update.microsoft.com > acl windowsupdate dstdomain download.windowsupdate.com > acl windowsupdate dstdomain redir.metaservices.microsoft.com > acl windowsupdate dstdomain images.metaservices.microsoft.com > acl windowsupdate dstdomain c.microsoft.com > acl windowsupdate dstdomain www.download.windowsupdate.com > acl windowsupdate dstdomain wustat.windows.com > acl windowsupdate dstdomain crl.microsoft.com > acl windowsupdate dstdomain sls.microsoft.com > acl windowsupdate dstdomain productactivation.one.microsoft.com > acl windowsupdate dstdomain ntservicepack.microsoft.com > > acl CONNECT method CONNECT > acl wuCONNECT dstdomain www.update.microsoft.com > acl wuCONNECT dstdomain sls.microsoft.com > > #http_access allow CONNECT wuCONNECT localnet > #http_access allow windowsupdate localnet > ####################### > # Updates: Windows > refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims > refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims > refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims > refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims > refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims > ########### > refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims > refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims > refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims Twice refresh pattern. Remove three lines above. > # DONT MODIFY THESE LINES > refresh_pattern \^ftp: 1440 20% 10080 > refresh_pattern \^gopher: 1440 0% 1440 > refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > refresh_pattern . 0 20% 4320 > ################################################################# > ########################### > # > # Recommended minimum configuration: > # > > # Example rule allowing access from your local networks. > # Adapt to list your (internal) IP networks from where browsing > # should be allowed > acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > acl localnet src fc00::/7 # RFC 4193 local private network range > acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines > > acl SSL_ports port 443 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 # https > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > > # > # Recommended minimum Access Permission configuration: > # > # Deny requests to certain unsafe ports > http_access allow CONNECT wuCONNECT localnet > http_access allow windowsupdate localnet > http_access deny !Safe_ports > > # Deny CONNECT to other than secure SSL ports > http_access deny CONNECT !SSL_ports > > # Only allow cachemgr access from localhost > http_access allow localhost manager > http_access deny manager > > # We strongly recommend the following be uncommented to protect innocent > # web applications running on the proxy server who think the only > # one who can access services on "localhost" is a local user > #http_access deny to_localhost > > # > # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS > # > > # Example rule allowing access from your local networks. > # Adapt localnet in the ACL section to list your (internal) IP networks > # from where browsing should be allowed > http_access allow localnet > http_access allow localhost > > # And finally deny all other access to this proxy > http_access deny all > > # Squid normally listens to port 3128 > http_port 192.168.0.1:3128 > > # Uncomment and adjust the following to add a disk cache directory. > cache_dir ufs /var/cache/squid 100 16 256 You specify only 100 megabytes sized cache_dir. Where do you think should be cached updates? For them, just not enough space. > > # Leave coredumps in the first cache dir > coredump_dir /var/cache/squid > > # > # Add any of your own refresh_pattern entries above these. > # > #refresh_pattern ^ftp: 1440 20% 10080 > #refresh_pattern ^gopher: 1440 0% 1440 > #refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > #refresh_pattern . 0 20% 4320 > ############# > range_offset_limit 5 Gb windowsupdate > maximum_object_size 5 Gb > quick_abort_min -1 > ######### > http_port 3129 intercept > ##################### > > > > cheers >> On Sep 6, 2016, at 6:01 PM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote: >> >> > http://wiki.squid-cache.org/ConfigExamples/Caching/WindowsUpdates > > Did you read this? > > > 06.09.2016 20:59, --Ahmad-- пишет: > >>> hi squid users . > >>> > >>> I’m trying to catch windows updates as cached object > >>> im testing with windows 10 pc > >>> > >>> i see all request as tcp_miss and the caching store is not getting > increase . > >>> > >>> ========= > >>> 1473173748.014 3603 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.022 12146 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.057 5321 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.155 3684 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.355 4832 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.612 12645 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.650 7276 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.720 12654 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173748.816 5064 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173749.022 4159 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173749.048 5618 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173749.177 7817 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173749.208 3383 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173749.318 5096 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173749.395 3986 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173749.850 13837 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173750.015 914 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173750.029 1365 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> 1473173750.420 7126 192.168.0.10 TCP_MISS/206 1049229 GET > http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/crup/2016/08/windows10.0-kb3176938-x64_6e080b0ebebeb8a463a297f5b14fcd03690eb1b8.psf > - ORIGINAL_DST/13.107.4.50 application/octet-stream > >>> > >>> ======================= > >>> > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# du -sh /var/cache/squid/ > >>> 17M /var/cache/squid/ > >>> root@raspberrypi:~# > >>> > >>> ============== > >>> here is squid config : > >>> > >>> root@raspberrypi:~# cat /etc/squid/squid.conf > >>> ######### > >>> acl windowsupdate dstdomain windowsupdate.microsoft.com > >>> acl windowsupdate dstdomain .update.microsoft.com > >>> acl windowsupdate dstdomain download.windowsupdate.com > >>> acl windowsupdate dstdomain redir.metaservices.microsoft.com > >>> acl windowsupdate dstdomain images.metaservices.microsoft.com > >>> acl windowsupdate dstdomain c.microsoft.com > >>> acl windowsupdate dstdomain www.download.windowsupdate.com > >>> acl windowsupdate dstdomain wustat.windows.com > >>> acl windowsupdate dstdomain crl.microsoft.com > >>> acl windowsupdate dstdomain sls.microsoft.com > >>> acl windowsupdate dstdomain productactivation.one.microsoft.com > >>> acl windowsupdate dstdomain ntservicepack.microsoft.com > >>> > >>> acl CONNECT method CONNECT > >>> acl wuCONNECT dstdomain www.update.microsoft.com > >>> acl wuCONNECT dstdomain sls.microsoft.com > >>> > >>> ####################### > >>> refresh_pattern -i > microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% > 43200 reload-into-ims > >>> refresh_pattern -i > windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 > 80% 43200 reload-into-ims > >>> refresh_pattern -i > windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% > 43200 reload-into-ims > >>> # DONT MODIFY THESE LINES > >>> refresh_pattern \^ftp: 1440 20% 10080 > >>> refresh_pattern \^gopher: 1440 0% 1440 > >>> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 > >>> refresh_pattern . 0 20% 4320 > >>> ################################################################# > >>> ########################### > >>> # > >>> # Recommended minimum configuration: > >>> # > >>> > >>> # Example rule allowing access from your local networks. > >>> # Adapt to list your (internal) IP networks from where browsing > >>> # should be allowed > >>> acl localnet src 10.0.0.0/8 # RFC1918 possible internal network > >>> acl localnet src 172.16.0.0/12 # RFC1918 possible internal network > >>> acl localnet src 192.168.0.0/16 # RFC1918 possible internal network > >>> acl localnet src fc00::/7 # RFC 4193 local private network range > >>> acl localnet src fe80::/10 # RFC 4291 link-local (directly > plugged) machines > >>> > >>> acl SSL_ports port 443 > >>> acl Safe_ports port 80 # http > >>> acl Safe_ports port 21 # ftp > >>> acl Safe_ports port 443 # https > >>> acl Safe_ports port 70 # gopher > >>> acl Safe_ports port 210 # wais > >>> acl Safe_ports port 1025-65535 # unregistered ports > >>> acl Safe_ports port 280 # http-mgmt > >>> acl Safe_ports port 488 # gss-http > >>> acl Safe_ports port 591 # filemaker > >>> acl Safe_ports port 777 # multiling http > >>> acl CONNECT method CONNECT > >>> > >>> > >>> http_access allow CONNECT wuCONNECT localnet > >>> http_access allow windowsupdate localnet > >>> http_access deny !Safe_ports > >>> > >>> # Deny CONNECT to other than secure SSL ports > >>> http_access deny CONNECT !SSL_ports > >>> > >>> # Only allow cachemgr access from localhost > >>> http_access allow localhost manager > >>> http_access deny manager > >>> > >>> > >>> http_access allow localnet > >>> http_access allow localhost > >>> > >>> # And finally deny all other access to this proxy > >>> http_access deny all > >>> > >>> # Squid normally listens to port 3128 > >>> http_port 192.168.0.1:3128 > >>> > >>> # Uncomment and adjust the following to add a disk cache directory. > >>> cache_dir ufs /var/cache/squid 100 16 256 > >>> > >>> # Leave coredumps in the first cache dir > >>> coredump_dir /var/cache/squid > >>> > >>> > >>> ############# > >>> range_offset_limit 200 MB windowsupdate > >>> maximum_object_size 200 MB > >>> quick_abort_min -1 > >>> ######### > >>> http_port 3129 intercept > >>> maximum_object_size 200000 KB > >>> > >>> > >>> > >>> > >>> thank you > >>> > >>> _______________________________________________ > >>> squid-users mailing list > >>> squid-users@xxxxxxxxxxxxxxxxxxxxx > >>> http://lists.squid-cache.org/listinfo/squid-users > >> >> <0x613DEC46.asc>_______________________________________________ >> squid-users mailing list >> squid-users@xxxxxxxxxxxxxxxxxxxxx >> http://lists.squid-cache.org/listinfo/squid-users > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJXzt2vAAoJENNXIZxhPexGs4cH/2Yjuzr54vMfdx4XdO9nUMri rCXzkOPFJmRCHIWcr31cxPvgMHCpmlhp5EtnmGdG5ZdEXxeWBcHLdwfMiqSYLfsI 8iNA3Lh0cAEWOf2kVPXzTI8MTSEjsxXnHmYPZrCP3A9xloBiBmhuRQbhENc3fXz4 IqvCHJHdsIHwlDyWaOyeQXydNX/keysZVRgaOjGztpboMrYMIJR/84qBYkdEaEsa e/Zzs2vO0UFTxwEOzZz1zOFNMYeul3UO5fZa59UY2XsAkzRacRC6SKgITMuMzp4B WtEAuTtVY7aXKoSjlJkb9Ts/iXYzB+hUz8hpU9iAZzBVpw2NeoNh1URjTh6LLUk= =ckYb -----END PGP SIGNATURE----- |
Attachment:
0x613DEC46.asc
Description: application/pgp-keys
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
