Re: [squid-users] Squid and Windows Update
On Fri, 22 Jun 2007 13:53:57 +1200 (NZST) [EMAIL PROTECTED] wrote: > I have just added a FAQ page > (http://wiki.squid-cache.org/SquidFaq/WindowsUpdate) with the content of > this thread. Can anyone please make a link to http://wiki.squid-cache.org/SquidFaq/WindowsUpdate in http://wiki.squid-cache.org/SquidFaq/ ? Regards, Nerijus
Re: [squid-users] Squid and Windows Update
> On Fri, 22 Jun 2007 13:53:57 +1200 (NZST) [EMAIL PROTECTED] wrote: > >> I have just added a FAQ page >> (http://wiki.squid-cache.org/SquidFaq/WindowsUpdate) with the content of >> this thread. > > Can anyone please make a link to > http://wiki.squid-cache.org/SquidFaq/WindowsUpdate > in http://wiki.squid-cache.org/SquidFaq/ ? > Done. And the WU page updated with some more info found recently to make it play nice with Vista and Win98. Amos
Re: [squid-users] squid and Windows update
For me, sometimes it works, sometimes it doesn't. I made sure that .microsoft.com url is not cached or needing authentication. - Original Message - From: "Dominique Bagnato" <[EMAIL PROTECTED]> To: Sent: Monday, March 06, 2006 4:36 PM Subject: [squid-users] squid and Windows update Any problems downloading windows update througth squid ? Thank you. -- Dominique Bagnato - Head of the Technology Department. French International School - Bethesda, MD. USA Tel:301 530 8260 Ext:279 - http://www.rochambeau.org
Re: [squid-users] squid and Windows update
> Any problems downloading windows update througth squid ? > Thank you. > http://www.squid-cache.org/Doc/FAQ/FAQ-11.html#ss11.54 M.
Re: [squid-users] Squid and Windows Update
tor 2007-06-21 klockan 13:26 +0100 skrev Julian Pilfold-Bagwell: > PS: Below is a snap from the proxy log showing what's happening when I > try to connect. Thanks. The interesting log is the access.log, not store.log.. If I am to guess you might need to allow access to the windows update servers without using authentication. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid and Windows Update
tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell: > > If I am to guess you might need to allow access to the windows update > > servers without using authentication. > Is it possible to do that while retaining authentication for users? Yes. Just allow access to the windows update servers before where you normally require authentication. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel
Re: [squid-users] Squid and Windows Update
Henrik Nordstrom wrote: tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell: If I am to guess you might need to allow access to the windows update servers without using authentication. Is it possible to do that while retaining authentication for users? Yes. Just allow access to the windows update servers before where you normally require authentication. Regards Henrik That's what we do and it works very well. We do the same for common antivirus update sites too. :-) Just a thought on WindowsUpdate via squid though, it's very very slow through squid. Seems to take many minutes to check for updates, but when bypassing the proxy this is not the case. I wonder if this is normal for squid? cheers, Dietrich.
Re: [squid-users] Squid and Windows Update
We implement windows update through proxy without delay pool and there's no problem at all. acl fast dstdom_regex download.windowsupdate.com update.microsoft.com acl fast dstdom_regex download.microsoft.com ds.microsoft.com #direct bandwitdhfull access to websites delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_access 1 allow fast delay_access 1 deny all
Re: [squid-users] Squid and Windows Update
> Henrik Nordstrom wrote: >> tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell: >> If I am to guess you might need to allow access to the windows update servers without using authentication. >> >>> Is it possible to do that while retaining authentication for users? >> >> Yes. >> >> Just allow access to the windows update servers before where you >> normally require authentication. >> >> Regards >> Henrik > > That's what we do and it works very well. We do the same for common > antivirus update sites too. :-) > > Just a thought on WindowsUpdate via squid though, it's very very slow > through squid. Seems to take > many minutes to check for updates, but when bypassing the proxy this is > not the case. I wonder if > this is normal for squid? > It is a side effect of WindowsUpdate that has been seen before on occasion under some squid configs. WindowsUpdate apparently pulls its data from the main servers using partial Ranges. Squid does not to my knowledge fully support storage of partial ranges (we have plans to improve this but no sponsor yet I think). Also some configurations are set to always pull the entire file when a range is requested. The cachability settings of the WU servers may also be a factor. If your config has been set to always pull the entire file and cache it, you could try allowing squid to pull ranges and not cache them. Amos
Re: [squid-users] Squid and Windows Update
[EMAIL PROTECTED] wrote: That's what we do and it works very well. We do the same for common antivirus update sites too. :-) Just a thought on WindowsUpdate via squid though, it's very very slow through squid. Seems to take many minutes to check for updates, but when bypassing the proxy this is not the case. I wonder if this is normal for squid? It is a side effect of WindowsUpdate that has been seen before on occasion under some squid configs. WindowsUpdate apparently pulls its data from the main servers using partial Ranges. Squid does not to my knowledge fully support storage of partial ranges (we have plans to improve this but no sponsor yet I think). Also some configurations are set to always pull the entire file when a range is requested. The cachability settings of the WU servers may also be a factor. If your config has been set to always pull the entire file and cache it, you could try allowing squid to pull ranges and not cache them. Amos Thanks for that Amos. Can anyone please point me in the right direction to documentation about configuring such features? The WU issues probably needs expanding upon in the FAQs I guess. :-) Thanks in advance. Dietrich
Re: [squid-users] Squid and Windows Update
> > [EMAIL PROTECTED] wrote: >>> That's what we do and it works very well. We do the same for common >>> antivirus update sites too. :-) >>> >>> Just a thought on WindowsUpdate via squid though, it's very very slow >>> through squid. Seems to take >>> many minutes to check for updates, but when bypassing the proxy this is >>> not the case. I wonder if >>> this is normal for squid? >>> >>> >> >> It is a side effect of WindowsUpdate that has been seen before on >> occasion >> under some squid configs. >> >> WindowsUpdate apparently pulls its data from the main servers using >> partial Ranges. Squid does not to my knowledge fully support storage of >> partial ranges (we have plans to improve this but no sponsor yet I >> think). >> Also some configurations are set to always pull the entire file when a >> range is requested. >> The cachability settings of the WU servers may also be a factor. >> >> If your config has been set to always pull the entire file and cache it, >> you could try allowing squid to pull ranges and not cache them. >> >> >> Amos >> >> > > Thanks for that Amos. Can anyone please point me in the right direction > to documentation about configuring such features? The WU issues probably > needs expanding upon in the FAQs I guess. :-) > > Thanks in advance. > Dietrich > The relevant squid.conf settings I know of are: http_access and range_offset. Earlier posts here in squid-users or google may have better details. I have just added a FAQ page (http://wiki.squid-cache.org/SquidFaq/WindowsUpdate) with the content of this thread. Amos
Re: [squid-users] Squid and Windows Update
[EMAIL PROTECTED] wrote: Thanks for that Amos. Can anyone please point me in the right direction to documentation about configuring such features? The WU issues probably needs expanding upon in the FAQs I guess. :-) Thanks in advance. Dietrich The relevant squid.conf settings I know of are: http_access and range_offset. Earlier posts here in squid-users or google may have better details. I have just added a FAQ page (http://wiki.squid-cache.org/SquidFaq/WindowsUpdate) with the content of this thread. Amos Brilliant! Thanks. :-) Dietrich
Re: [squid-users] Squid and Windows Update
Henrik Nordstrom wrote: tor 2007-06-21 klockan 14:22 +0100 skrev Julian Pilfold-Bagwell: If I am to guess you might need to allow access to the windows update servers without using authentication. Is it possible to do that while retaining authentication for users? Yes. Just allow access to the windows update servers before where you normally require authentication. Regards Henrik Hi again, Does the first acl line: acl winupdate dstdomain .microsoft.com .windowsupdate.com not do this? I put the always_direct rule in before the mynetwork rule but it doesn't seem to do the trick. Thanks, Jools
RE: [squid-users] Squid and Windows Update.
I'm having the same issue here too, which I first noticed yesterday. It looks like https://v4.windowsupdate.microsoft.com/ works though. I assume that because Squid just relays SSL traffic, whatever causes the non-secure site to break is not affected. Any ideas on a permanent fix or workaround would be appreciated, though! Mike -Original Message- From: Palmer J.D.F. [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 7:19 AM To: [EMAIL PROTECTED] Subject: [squid-users] Squid and Windows Update. Hello, I'm having a bit of an issue with Squid and Windows Update. In the last day or so we have noticed machines on campus failing to get their WUs. All goes well until I click the "scan for updates" link and then I get an error, the M$ error is the seemingly infamous '0x800a138F' error. Many pages from the search below blame the new hosting arrangements that M$ have with Akamai, stating that Akamai are also a host for many ad banners so are often blocked by admin's. http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=0x800a13 8F However we don't appear to have any rules in our squid.conf that block access to that site, neither when I log the requests from my test machine does it deny access to any of the requests; Anyway on further investigation I have retrieved another M$ error code from the WU Log file on the client PC, this is '0x800C0002' which according to M$ is "Invalid URL". I only get this problem going through the squid boxes. Another twist to this is that if I turn the cache settings off in IE do a WU scan which succeeds and then turn the cache settings back on it works fine thereafter. However it is not possible for us to turn the cache setting off all the machines here, even if it were we'd have to open up the firewall to allow port 80 access for all machines rather than just the WWW and a select few admin machines. Is this a known bug with squid? Many thanks, Jezz Palmer. Jezz Palmer. Internet Systems Officer. Library and Information Services University of Wales, Swansea Singleton Park Swansea SA2 8PP
RE: [squid-users] Squid and Windows Update.
I am having the exact problem (see my post from yesterday). I have created a temporary work around by adding: acl windowsupdate dstdomain .windowsupdate.microsoft.com no_cache deny windowsupdate to squid.conf. Any other ideas? Grant -Original Message- From: Mike McCall [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 7:38 AM To: [EMAIL PROTECTED] Cc: 'Palmer J.D.F.' Subject: RE: [squid-users] Squid and Windows Update. I'm having the same issue here too, which I first noticed yesterday. It looks like https://v4.windowsupdate.microsoft.com/ works though. I assume that because Squid just relays SSL traffic, whatever causes the non-secure site to break is not affected. Any ideas on a permanent fix or workaround would be appreciated, though! Mike -Original Message- From: Palmer J.D.F. [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 03, 2003 7:19 AM To: [EMAIL PROTECTED] Subject: [squid-users] Squid and Windows Update. Hello, I'm having a bit of an issue with Squid and Windows Update. In the last day or so we have noticed machines on campus failing to get their WUs. All goes well until I click the "scan for updates" link and then I get an error, the M$ error is the seemingly infamous '0x800a138F' error. Many pages from the search below blame the new hosting arrangements that M$ have with Akamai, stating that Akamai are also a host for many ad banners so are often blocked by admin's. http://www.google.com/search?sourceid=navclient&ie=UTF-8&oe=UTF-8&q=0x800a13 8F However we don't appear to have any rules in our squid.conf that block access to that site, neither when I log the requests from my test machine does it deny access to any of the requests; Anyway on further investigation I have retrieved another M$ error code from the WU Log file on the client PC, this is '0x800C0002' which according to M$ is "Invalid URL". I only get this problem going through the squid boxes. Another twist to this is that if I turn the cache settings off in IE do a WU scan which succeeds and then turn the cache settings back on it works fine thereafter. However it is not possible for us to turn the cache setting off all the machines here, even if it were we'd have to open up the firewall to allow port 80 access for all machines rather than just the WWW and a select few admin machines. Is this a known bug with squid? Many thanks, Jezz Palmer. Jezz Palmer. Internet Systems Officer. Library and Information Services University of Wales, Swansea Singleton Park Swansea SA2 8PP This electronic message transmission is a PRIVATE communication which contains information which may be confidential or privileged. The information is intended to be for the use of the individual or entity named above. If you are not the intended recipient, please be aware that any disclosure, copying, distribution or use of the contents of this information is prohibited. Please notify the sender of the delivery error by replying to this message, or notify us by telephone (877-633-2436, ext. 0), and then delete it from your system.
RE: [squid-users] Squid and Windows Update.
On Wed, 3 Dec 2003, Sturgis, Grant wrote: > I am having the exact problem (see my post from yesterday). I have created a > temporary work around by adding: > > acl windowsupdate dstdomain .windowsupdate.microsoft.com > no_cache deny windowsupdate > > to squid.conf. > > Any other ideas? Look in access.log and try to figure out which cache hit is causing the conflict and then PURGE this object from the cache. Then complain to Microsoft for making WU server updates in a way which is not compatible with caches. Maybe they will eventually learn how to work in cooperation with caches. Regards Henrik
Re: [squid-users] Squid and Windows Update - SOLVED!!
Hi Henrik, It's cured. You were right about allowing access to winupdate. The confusing aspect is that some time back, we had to wrestle for a day to get it working after Windows updated itself. It turned out that you had to use the always_direct directive to get it work as it would crash out otherwise. Don't know what Microsoft have done to Windows Update but it now has to go back to http_allow. Thanks again, much appreciated, All the best, Julian Pilfold-Bagwell
Re: [squid-users] Squid and Windows Update - SOLVED!!
fre 2007-06-22 klockan 10:39 +0100 skrev Julian Pilfold-Bagwell: > It's cured. You were right about allowing access to winupdate. The > confusing aspect is that some time back, we had to wrestle for a day to > get it working after Windows updated itself. It turned out that you had > to use the always_direct directive to get it work as it would crash out > otherwise. > > Don't know what Microsoft have done to Windows Update but it now has to > go back to http_allow. always_direct has little or no effect on things. All always_direct does it making Squid ignore any cache_peers you may have. If you don't have any cache_peer then it's a no-operation thing as going direct is then the only option Squid has.. So if using always_direct did make any difference then you have a cache_peer which doesn't work with windows update, or otherwise it just started to work by accident. Regards Henrik signature.asc Description: Detta är en digitalt signerad meddelandedel