On 8/07/2015 1:57 a.m., Jasper Van Der Westhuizen wrote: > Hi list > > I have a problem with Windows 10 updates. It seems that Microsoft will do > updates via https now. > > --cut-- > 1436268325.765 5294 xxx.xxx.xxx.xxx TCP_REFRESH_UNMODIFIED/206 9899569 GET > http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?<http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?> > - HIER_DIRECT/165.165.47.19<http://DIRECT/165.165.47.19> > application/octet-stream > 1436268333.267 7484 xxx.xxx.xxx.xxx TCP_REFRESH_UNMODIFIED/206 21564261 GET > http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?<http://tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/0cbda2af-bf7d-4408-8a17-d305e378c8e5?> > - HIER_DIRECT/165.165.47.19<http://DIRECT/165.165.47.19> > application/octet-stream > 1436268430.871 147280 xxx.xxx.xxx.xxx TCP_TUNNEL/200 4267 CONNECT > cp201-prod.do.dsp.mp.microsoft.com:443 - > HIER_DIRECT/23.214.151.174<http://DIRECT/23.214.151.174> - > 1436268478.259 96621 xxx.xxx.xxx.xxx TCP_TUNNEL/200 5705 CONNECT > array204-prod.do.dsp.mp.microsoft.com:443 - > HIER_DIRECT/64.4.54.117<http://DIRECT/64.4.54.117> - > 1436268786.878 78517 xxx.xxx.xxx.xxx TCP_TUNNEL/200 5705 CONNECT > array204-prod.do.dsp.mp.microsoft.com:443 - > HIER_DIRECT/64.4.54.117<http://DIRECT/64.4.54.117> - > --cut-- > > To my knowledge there is no way to cache this.
Technically yes, there is no way to cache it without breaking into the HTTPS. > How would one handle this? Is it even possible to cache the updates? > SSL-Bump is the Squid feature for accessing HTTPS data in decrypted form for filtering and/or caching. However, that will depend on; a) being able to "bump" the crypto (if the WU app is validating server cert against a known signature its not), b) the content inside actually being HTTPS (they do updates via P2P now too), and c) the HTTP content inside being cacheable (no guarantees, but a good chance its about as cacheable as non-encrypted updates). You are the first to mention it, so there is no existing info on those requirements. Amos _______________________________ Thank you Amos. Like in Windows 8.1, these updates are HUGE. I will keep an eye on developments. Microsoft really makes things difficult. For now we will be shaping the bandwidth on the network layer. Kind Regards Jasper Disclaimer: http://www.shopriteholdings.co.za/Pages/ShopriteE-mailDisclaimer.aspx
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
