用于Windows更新的Centos Squid代理服务器

前端之家收集整理的这篇文章主要介绍了用于Windows更新的Centos Squid代理服务器前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我正在运行Centos 7作为我的操作系统并安装了squid来缓存我公司的 Windows更新.

通过日志文件,它显示所有内容都是tcp_miss,包括它何时访问Windows更新服务器.

我希望我的squid安装只缓存Windows更新.任何人都有任何想法发生了什么以及为什么它不缓存Windows更新?

以下是access.log文件的摘录:

1432161438.306 109488 192.168.5.163 TCP_MISS/200 4739 CONNECT exchange.heffron-it.com.au:443 - HIER_DIRECT/10.50.10.48 -
1432161441.375 110041 192.168.5.163 TCP_MISS/200 77216 CONNECT exchange.heffron-it.com.au:443 - HIER_DIRECT/10.50.10.48 -
1432161462.843    642 192.168.5.163 TCP_MISS/200 528 GET http://csm90-en.url.trendmicro.com/T/344/eqO8qdreMFHVsZPQHJe0cJKbush61hKMNSLH-GHMhZNC0gyHuu0CiOxud1YD3SlseyJzwmgic9qMFKrJvi2iP_ZVPlXHsmBt-a8QqO6MKTbQ5melaEY1Atd9fYSAYQRQgrChDZuAfCvHu2U5ddX40KEKuZF8YPclvhCb0giJpRgy7jPMiOyYA_wMJVDfGp5sGSbAVFEYRdJAR3hykIDkCPXPsqluymS-Y3axrSHHJzYG1b_F8GB04cbdakDlGZSBxwyHXbwiLzjcYfQ7K1ASldegziZO9ZUfRcZh1ce6txSK6qOZiDy45zaEUg63wIEEEM__EWcaJQmYIXIVS69vwQ== - HIER_DIRECT/104.72.70.19 text/html
1432161464.121      7 192.168.5.163 TCP_MISS/200 528 GET http://csm90-en.url.trendmicro.com/T/88/eqO8qdreMFHVsZPQHJe0cKMe63vDoh5niNui_qK5WZVN6azyvqm3qkTNA4CeLlgfBLjs_woCLvmIDOVQwkWfzQ== - HIER_DIRECT/104.72.70.19 text/html
1432161475.490   1793 192.168.5.163 TCP_MISS/200 6947 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 -
1432161475.892    399 192.168.5.163 TCP_MISS/200 5545 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 -
1432161487.787   1383 192.168.5.163 TCP_MISS/200 3074 CONNECT ieonlinews.microsoft.com:443 - HIER_DIRECT/131.253.34.240 -
1432161539.434  63609 192.168.5.163 TCP_MISS/200 8498 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 -
1432161578.224    235 192.168.5.206 TCP_MISS/200 839 GET http://wfbs900-en.census.trendmicro.com/CENSUS/192/628a34bf49944a0519fedb6d65cafaf0399b98e5d08e025bf6a03eddead1cef7af0edf488fd174e494ae518835ff9da21915bbe7aa372ec1c81e135a6361da635d174ae8fe5adb5f5d174ae8fe5adb5f5d174ae8fe5adb5ffd3c35acca94bf90 - HIER_DIRECT/104.72.70.19 text/html
1432161578.559      6 192.168.5.206 TCP_MISS/200 839 GET http://wfbs900-en.census.trendmicro.com/CENSUS/192/628a34bf49944a0519fedb6d65cafaf09a839741bab62522e6bf975b8a4f628051bd7ab79e147e846b4fa2b6ca99524eb805125d90361b4738af1be64789a8e65d174ae8fe5adb5f5d174ae8fe5adb5f5d174ae8fe5adb5ffd3c35acca94bf90 - HIER_DIRECT/104.72.70.19 text/html
1432161600.474    331 192.168.5.206 TCP_MISS/200 626 GET http://csm90-en.url.trendmicro.com/T/364/Q6aqjhhr3YQMpi9B-doTwi4FWHDaRESyTNq3zZ_1sX_X-hiFqggD7pEESKNYWwTGUOzuehXAiA3LwMcj4ro0WYN6zsxLXe4g-DX2HZ9dHAz7iA-

这是我目前的squid.conf文件

acl localnet src 172.16.0.0/12  # RFC1918 possible internal network

acl localnet src fc00::/7       # RFC 4193 local private network range

acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl localnet src corp.heffron-it.com.au



acl SSL_ports port 443

acl Safe_ports port 80      # http

acl Safe_ports port 21      # ftp

acl Safe_ports port 443     # https

acl Safe_ports port 70      # gopher

acl Safe_ports port 210     # wais

acl Safe_ports port 1025-65535  # unregistered ports

acl Safe_ports port 280     # http-mgmt

acl Safe_ports port 488     # gss-http

acl Safe_ports port 591     # filemaker

acl Safe_ports port 777     # multiling http

acl CONNECT method CONNECT



acl all src all

acl windowsupdate dstdomain windowsupdate.microsoft.com

acl windowsupdate dstdomain au.download.windowsupdate.com

acl windowsupdate dstdomain .update.microsoft.com

acl windowsupdate dstdomain download.windowsupdate.com

acl windowsupdate dstdomain redir.Metaservices.microsoft.com

acl windowsupdate dstdomain images.Metaservices.microsoft.com

acl windowsupdate dstdomain c.microsoft.com

acl windowsupdate dstdomain www.download.windowsupdate.com

acl windowsupdate dstdomain wustat.windows.com

acl windowsupdate dstdomain crl.microsoft.com

acl windowsupdate dstdomain sls.microsoft.com

acl windowsupdate dstdomain productactivation.one.microsoft.com

acl windowsupdate dstdomain ntservicepack.microsoft.com



acl wuCONNECT dstdomain www.update.microsoft.com

acl wuCONNECT dstdomain sls.microsoft.com

acl wuCONNECT dstdomain wpa.one.microsoft.com



http_access allow CONNECT wuCONNECT localnet

http_access allow CONNECT wuCONNECT localhost

http_access allow windowsupdate localnet

http_access allow windowsupdate localhost



cache_effective_user squid



http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports



http_access allow localhost manager
http_access deny manager



http_access allow localnet

http_access allow localhost



http_access allow WindowsUpdate


http_access allow CONNECT wuCONNECT localnet

http_access allow windowsupdate localnet



request_header_access Allow allow all

request_header_access Authorization allow all

request_header_access WWW-Authenticate allow all

request_header_access Proxy-Authorization allow all

request_header_access Proxy-Authenticate allow all

request_header_access Cache-Control allow all

request_header_access Content-Encoding allow all

request_header_access Content-Length allow all

request_header_access Content-Type allow all

request_header_access Date allow all

request_header_access Expires allow all

request_header_access Host allow all

request_header_access If-Modified-Since allow all

request_header_access Last-Modified allow all

request_header_access Location allow all

request_header_access Pragma allow all

request_header_access Accept allow all

request_header_access Accept-Charset allow all

request_header_access Accept-Encoding allow all

request_header_access Accept-Language allow all

request_header_access Content-Language allow all

request_header_access Mime-Version allow all

request_header_access Retry-After allow all

request_header_access Title allow all

request_header_access Connection allow all

request_header_access Proxy-Connection allow all

request_header_access User-Agent allow all

request_header_access Cookie allow all

request_header_access All deny all



refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims



refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims



refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims



http_access deny all


http_port 3128

cache_dir ufs /home/Cache/squid 102400 16 256





coredump_dir /home/Cache/squid

via off

forwarded_for off





refresh_pattern ^ftp:       1440    20% 10080

refresh_pattern ^gopher:    1440    0%  1440

refresh_pattern -i (/cgi-bin/|\?) 0 0%  0

refresh_pattern .       0   20% 4320
基于您在配置文件中已有的内容,我猜你已经找到了关于Windows更新的这个Squid FAQ: http://wiki.squid-cache.org/SquidFaq/WindowsUpdate

我建议指定以下缓存选项,以确保可以缓存更大的对象. maximum_object_size需要足够大以允许最大的更新文件. 32GB应该允许甚至是最大的Service Pack,甚至是您可能想要缓存的任何ISO文件.

cache_mem 512 MB
minimum_object_size 0
maximum_object_size 32768 MB
maximum_object_size_in_memory 16384 KB
range_offset_limit 32768 MB windowsupdate
quick_abort_min -1

如果这没有帮助,您可能还需要调查refresh_pattern行的以下附加选项(除了reload-into-ims):

> ignore-no-cache
> ignore-no-store
> ignore-private
>覆盖 – 过期
> override-lastmod
> ignore-reload

例如,我使用这样的行来缓存所有doc或pdf文件

refresh_pattern -i \.(doc|pdf)$4320 80% 86400 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload

猜你在找的Windows相关文章