Search squid archive

Re: windows update not working squid 3.5.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



he eliezer 
right now i moved from arm to intel 
I’m using real pc
 i will  test the arm solution tomorrow .

for now i hope u can assist .

i got with ur advice and used now the store id solution .

but so far i have the hdd increase then suddenly decrease and so on
Thu 15 Sep 13:29:25 BST 2016
357M /cache/
Thu 15 Sep 13:29:40 BST 2016
335M /cache/
Thu 15 Sep 13:29:55 BST 2016
360M /cache/
Thu 15 Sep 13:30:10 BST 2016
472M /cache/
Thu 15 Sep 13:30:25 BST 2016
580M /cache/
Thu 15 Sep 13:30:40 BST 2016
656M /cache/
Thu 15 Sep 13:30:55 BST 2016
690M /cache/
Thu 15 Sep 13:31:11 BST 2016
543M /cache/
Thu 15 Sep 13:31:26 BST 2016
607M /cache/
Thu 15 Sep 13:31:41 BST 2016
438M /cache/

================

I’m sure there is wrong settings 

here is squid.conf as u asked the format 


here is store.log file 

i didn’t see any TCP_HIT in access.log 




again I’m sure the config above is not fine with windows 10 updates and so far I’m stuck and not able to have it working and caching correctly .



On Sep 14, 2016, at 11:13 PM, Eliezer Croitoru <eliezer@xxxxxxxxxxxx> wrote:

Hey Ahmad,
 




a
Try the new version of ms-updates from:
 
Since you are using an armX based system.
From my point of view on things I do not see the difference between other traffic to MS updates.
Windows Updates are HTTP requests and responses which are identical to other objects.
When a proxy or a service starts to see these things with "new" perspective my assumption is that something with either RAM or CPU or DISK is wrong and couple simple objects will clear out things about the proxy state.

What I need is a testing use case from the squid world jargon.
Are you using an Intercept proxy?
If so what type of Interception? Tproxy or Intercept?
What objects did you tried until now? Only Windows Updates?
Do you have a dump of these requests?(you can use http://wiki.squid-cache.org/KnowledgeBase/DebugSections)
The dumps should be using section 11 ie: debug_options ALL,1 11,6
With these dumps we need the corresponding access.log.
These should be enough to think about things and maybe re-test them.
Also What OS are you using?
 
Eliezer
 
----
Eliezer Croitoru
Linux System Administrator
Mobile: +972-5-28704261
Email: eliezer@xxxxxxxxxxxx
<image002.png>
 
From: squid-users [mailto:squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx] On Behalf Of --Ahmad--
Sent: Tuesday, September 6, 2016 8:08 PM
To: Yuri Voinov
Cc: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: windows update not working squid 3.5.2
 
/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.13.30 application/octet-stream
1473181228.768   1202 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.70.206 application/octet-stream
1473181229.117   1159 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.70.206 application/octet-stream
1473181229.265    984 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181229.525   1207 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181230.066   1314 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.70.206 application/octet-stream
1473181230.147    913 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181230.166   1659 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.13.30 application/octet-stream
1473181230.438   1233 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.13.30 application/octet-stream
1473181230.461   1569 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181230.621   1023 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181231.143   1219 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181231.166   1212 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181231.528   1131 192.168.0.10 TCP_MISS/206 1049142 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181231.601   1416 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.13.30 application/octet-stream
1473181231.784    938 192.168.0.10 TCP_MISS/206 1049144 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.13.46 application/octet-stream
1473181232.102   1565 192.168.0.10 TCP_MISS/206 1049142 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/software/defu/2016/08/am_base_9668287df050e32ce73537e6505b5101ec5dc7f0.exe - ORIGINAL_DST/8.253.70.206 application/octet-stream
1473181232.330   1453 192.168.0.10 TCP_MISS/206 1049146 GET http://fg.v4.download.windowsupdate.com/d/msdownload/update/driver/drvs/2015/10/200006767_cec6101480492a8c7be6e668ff3284626a787359.cab - ORIGINAL_DST/8.253.70.206 application/octet-stream


with squid.conf :
#########
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com

#http_access allow CONNECT wuCONNECT localnet
#http_access allow windowsupdate localnet
#######################
# Updates: Windows
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i microsoft.com.akadns.net/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
refresh_pattern -i deploy.akamaitechnologies.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 43200 80% 129600 reload-into-ims
###########
#refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
#refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
#refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
# DONT MODIFY THESE LINES
refresh_pattern \^ftp:           1440    20%     10080
refresh_pattern \^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
#################################################################
###########################
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.0.1:3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/cache/squid 20000 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
#refresh_pattern ^ftp:          1440    20%     10080
#refresh_pattern ^gopher:       1440    0%      1440
#refresh_pattern -i (/cgi-bin/|\?) 0    0%      0
#refresh_pattern .              0       20%     4320
#############
range_offset_limit 5 Gb windowsupdate
maximum_object_size 5 Gb
quick_abort_min -1
#########
http_port 3129 intercept
#####################
On Sep 6, 2016, at 6:01 PM, Yuri Voinov <yvoinov@xxxxxxxxx> wrote:
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

http://wiki.squid-cache.org/ConfigExamples/Caching/WindowsUpdates

Did you read this?


06.09.2016 20:59, --Ahmad-- пишет:

hi squid users .

I’m trying to catch windows updates as cached object
im testing with  windows 10 pc

i see all request as tcp_miss and the caching store is not getting
increase .


=========
1473173748.014   3603 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.022  12146 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.057   5321 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.155   3684 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.355   4832 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.612  12645 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.650   7276 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.720  12654 192.168.0.10 TCP_MISS/206 1049229 GET
1473173748.816   5064 192.168.0.10 TCP_MISS/206 1049229 GET
1473173749.022   4159 192.168.0.10 TCP_MISS/206 1049229 GET
1473173749.048   5618 192.168.0.10 TCP_MISS/206 1049229 GET
1473173749.177   7817 192.168.0.10 TCP_MISS/206 1049229 GET
1473173749.208   3383 192.168.0.10 TCP_MISS/206 1049229 GET
1473173749.318   5096 192.168.0.10 TCP_MISS/206 1049229 GET
1473173749.395   3986 192.168.0.10 TCP_MISS/206 1049229 GET
1473173749.850  13837 192.168.0.10 TCP_MISS/206 1049229 GET
1473173750.015    914 192.168.0.10 TCP_MISS/206 1049229 GET
1473173750.029   1365 192.168.0.10 TCP_MISS/206 1049229 GET
1473173750.420   7126 192.168.0.10 TCP_MISS/206 1049229 GET

=======================

root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~# du -sh /var/cache/squid/
17M     /var/cache/squid/
root@raspberrypi:~#

==============
here is squid config :

root@raspberrypi:~# cat /etc/squid/squid.conf
#########
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com

#######################
refresh_pattern -i
microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims

refresh_pattern -i
windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320
80% 43200 reload-into-ims

refresh_pattern -i
windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80%
43200 reload-into-ims

# DONT MODIFY THESE LINES
refresh_pattern \^ftp:           1440    20%     10080
refresh_pattern \^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
#################################################################
###########################
#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly
plugged) machines


acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT


http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager


http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 192.168.0.1:3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid


#############
range_offset_limit 200 MB windowsupdate
maximum_object_size 200 MB
quick_abort_min -1
#########
http_port 3129 intercept
maximum_object_size 200000 KB




thank you

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJXztpBAAoJENNXIZxhPexGSx4H/0bK8485yWhpNbGUIGtwvx9h
PTuRhfJP+f8xoTbTh/zH1TgXs21M953uf5DoYlynMBSeVXCfQQiUhDOs+0bqAjfD
JsLCXVpZdSYYWyX2aErjfZqKQO67aVkX+zJbAY/zlTJKG6Gxg1+ssQSEJaFWu6cK
J8KBudfWaKmPc9xdiZRfYFE6LKBSeQr93BqBF6s1SwdAPKEkspQmDTuqPZEwMwW5
zQfuI/HnIvynSE+SxCFYOAwka2zVAdewXfVyWqYyFCHaHnDkXkPmK/5zZJDOmqGi
erifbGQHRHAFWNnT4mMsHGjM3Wfz1bbhr+j+tZJkY4x116eVUMrVbbXRApY5nn0=
=ZaFG
-----END PGP SIGNATURE-----

<0x613DEC46.asc>_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux