Hi to everybody, hope that someone can help me with this issue. I've set up squid as transparent proxy and I would like to cache the Windows Update in order to gain bandwidth. I follow step by step the related page on the wiki but every time I try to download the windows updates from the setting page I get the message that because of internet connection the download of the updates is not possible. I would like to tell that I'm able to cache everything else comes from the win machine, just with the windows update I got this problem. I'm running Squid-3.5.27 on Ubuntu Server 16.04 LTS and the Win machine is on a VM bridged with a Debian client that is cached by Squid. Attached my config file. Best, Davide
# HTTP Rules http_port 3128 http_port 192.168.21.111:3129 intercept https_port 192.168.21.111:13130 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=4MB cert=/etc/squid/ssl_cert/myROOTCA.pem # ACL Rules acl localnet src 192.168.7.112 # RFC1918 internal network acl localnet src fe80::a2ce:c8ff:fe1e:bfb8 # RFC1918 internal network acl localwin src 10.0.2.15 # Win VM acl localhost src 127.0.0.0/32 # locahost acl windowsupdate dstdomain windowsupdate.com acl windowsupdate dstdomain microsoft.com acl windowsupdate dstdomain windows.com acl windowsupdate dstdomain .update.microsoft.com acl windowsupdate dstdomain sls.microsoft.com acl windowsupdate dstdomain windowsupdate.microsoft.com acl windowsupdate dstdomain download.windowsupdate.com acl windowsupdate dstdomain download.microsoft.com acl windowsupdate dstdomain test.stats.update.microsoft.com acl windowsupdate dstdomain ntservicepack.microsoft.com acl CONNECT method CONNECT acl wuCONNECT dstdomain www.update.microsoft.com acl wuCONNECT dstdomain sls.microsoft.com acl wuCONNECT dstdomain microsoft.com acl wuCONNECT dstdomain windows.com acl wuCONNECT dstdomain windowsupdate.microsoft.com acl wuCONNECT dstdomain www.windowsupdate.com acl wuCONNECT dstdomain download.windowsupdate.com acl wuCONNECT dstdomain download.microsoft.com acl wuCONNECT dstdomain www.download.windowsupdate.com acl wuCONNECT dstdomain test.stats.update.microsoft.com acl wuCONNECT dstdomain ntservicepack.microsoft.com http_access allow CONNECT wuCONNECT localwin http_access allow windowsupdate localwin acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl step1 at_step SslBump1 # # HTTP_ACCESS RULES # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost http_access allow localnet http_access allow localwin http_access allow localhost # And finally deny all other access to this proxy http_access deny all # CACHE MANAGER visible_hostname 20150604-004.intern.modomoto.de # SSL DIRECTIVES ssl_bump peek step1 ssl_bump bump all sslcrtd_program /lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB sslcrtd_children 10 sslproxy_cert_error allow all # Tag: minimum_object_size # Object smaller than this size will NOT be saved on disk. # Default: # no limit # Tag: maximun_object_size # Set the default parameter for maxi-size on any cache_dir. range_offset_limit 10 GB windowsupdate maximum_object_size 10 GB quick_abort_min -1 # range_offset_limit none # Tag: cache_dir # Directives about storawge system in use. # Usage: cache_dir Sotrage_Format Directory Mbytes L1 L2. # "ufs" (Universal Flash Storage) is Squid default storage format. # 'mbytes' ist the amount of disk space (MB) tu use under this directory. # 'L1' is the number of first-level subdirectories which will be created under the 'Directory'. # 'L2' is the number of second-level subdirectories which will be created under each first-level directory. cache_dir ufs /var/spool/squid 200000 16 256 # OPTION FOR TROUBLESHOOTING # ---------------------------------------------------------------------------- # #Tag: cache_log # Squid administrative loggin file. # Default: # cache_log /var/log/squid/cache.log # Tag: coredump_dir # Directory where Squid dump core files. coredump_dir /var/spool/squid # MEMORY CACHE OPTIONS # -------------------------------------------------------------------------------- # Tag: cache_mem # Memory to use for caching very popular replies. cache_mem 2 GB #LOG OPTIONS # -------------------------------------------------------------------------------- # Tag: logformat # Logformat: client IP, client FQDN, client source port, local IP addr the client # connected to, request URL from client, HTTP status code sent to the client # logformat agix %>a %>A %>p %>la %>ul %>ru %>Hs # Tag: access_log # Configure whether and how Squid logs HTTP and ICP transactions. access_log /var/log/squid/access.log #agix # OPTIONS FOR TUNING THE CACHE # # refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f|p]|[ap]sf|wm[v|a]|dat|zip|psf) 4320 80% 43200 reload-into-ims refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern ^ftp: 1440 20% 10080 reload-into-ims refresh_pattern ^gopher: 1440 20% 7200 reload-into-ims refresh_pattern -i (/cgi-bin/|\?) 1400 20% 7200 reload-into-ims refresh_pattern . 1400 20% 7200 reload-into-ims # Tag: minimum_expiry_time (seconds) # The minimum caching time according to (Expires - Date) headers Squid # honors if the object can't be revalidated. # Default: # minimum_expiry_time 60 seconds minimum_expiry_time 600 seconds # Tag: request_header_max_size (KB) # This specifies the maximum size for HTTP headers in a request. # Request headers are usually relatively small (about 512 bytes). # Placing a limit on the request header size will cacth certain # bugs (persistent connection) and possibly bufferin-overflow # or denial-of-service attacks. # Default: # request_headers_max_size 64 KB # Tag: reply_headers_max_size (KB) # This specifies the maximum size for HTTP headers in a request. # Reply headers are usually relatively small (about 512 bytes). # Placing a limit on the reply header size will cacth certain # bugs (persistent connection) and possibly bufferin-overflow # or denial-of-service attacks. # Default: # reply_headers_max_size 64 KB
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
