Hello. I can't figure out why, but I can get regular windows 10 updates through the proxy without problem, but the larger feature updates (1803) always fail to download. I can do the windows 10 update assistant manually, and that seems to work ok. I'm not sure what I am missing. Do I have a problem with my configuration? I am trying to do the download through port 4120.
http_port 3120 http_port 4120 #intercept cache_dir ufs /var/spool/squid 10000 16 256 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 acl whitelist dstdomain "/etc/squid/whitelist.conf" #acl deny_websites dstdomain "/etc/squid/deny_websites.conf" acl windowsupdate dstdomain windowsupdate.microsoft.com acl windowsupdate dstdomain .update.microsoft.com acl windowsupdate dstdomain download.windowsupdate.com acl windowsupdate dstdomain redir.metaservices.microsoft.com acl windowsupdate dstdomain images.metaservices.microsoft.com acl windowsupdate dstdomain c.microsoft.com acl windowsupdate dstdomain www.download.windowsupdate.com acl windowsupdate dstdomain wustat.windows.com acl windowsupdate dstdomain crl.microsoft.com acl windowsupdate dstdomain sls.microsoft.com acl windowsupdate dstdomain productactivation.one.microsoft.com acl windowsupdate dstdomain ntservicepack.microsoft.com acl windowsupdate dstdomain .live.com acl windowsupdate dstdomain .digicert.com acl windowsupdate dstdomain .mp.microsoft.com acl windowsupdate dstdomain .cms.msn.com acl CONNECT method CONNECT acl wuCONNECT dstdomain http://www.update.microsoft.com range_offset_limit 10000 MB windowsupdate maximum_object_size 10000 MB quick_abort_min -1 auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd auth_param basic children 6 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 4 hours auth_param basic casesensitive off acl ncsa_users proxy_auth REQUIRED #acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid- internal-mgr/ #acl localhost src 127.0.0.1/32 ::1 #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines #acl http proto http acl SSL_ports port 443 acl port_80 port 80 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http #list of computers that have access by ip address acl allowed_clients src 192.168.0.9-192.168.0.45 192.168.0.53 192.168.0.65 192.168.0.83 192.168.0.90 192.168.0.91 192.168.0.179 192.168.0.186 192.168.0.220 192.168.0.221 192.168.0.244 acl portX myportname 4120 #ip addresses for 8x8.com webinar software acl 8x8 dst 8.5.248.0/23 8.28.0.0/22 63.209.12.0/24 162.221.236.0/23 162.221.238.0/23 192.84.16.0/22 acl CONNECT method CONNECT http_access allow CONNECT wuCONNECT localnet http_access allow windowsupdate localnet #rule allowing nonauthenticated users #http_access allow http port_80 whitelist http_access allow CONNECT SSL_ports whitelist http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow manager localhost http_access deny manager # domains in deny_websites are DENIED for everybody. #http_access deny deny_websites # domains in whitelist are ALLOWED for everybody http_access allow whitelist # 8x8.com ip addresses are Allowed for everybody http_access allow 8x8 # port 4120 traffic is restricted to the above whitelisted domains http_access deny portX # otherwise; for port 3120 traffic ... # only specific clients with whitelisted IPs can use the proxy ... http_access deny !allowed_clients # ... and must also login http_access deny !ncsa_users http_access allow localnet http_access deny all Thanks. Paul
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users
