我正在运行Centos 7作为我的操作系统并安装了squid来缓存我公司的
Windows更新.
通过日志文件,它显示所有内容都是tcp_miss,包括它何时访问Windows更新服务器.
我希望我的squid安装只缓存Windows更新.任何人都有任何想法发生了什么以及为什么它不缓存Windows更新?
以下是access.log文件的摘录:
1432161438.306 109488 192.168.5.163 TCP_MISS/200 4739 CONNECT exchange.heffron-it.com.au:443 - HIER_DIRECT/10.50.10.48 - 1432161441.375 110041 192.168.5.163 TCP_MISS/200 77216 CONNECT exchange.heffron-it.com.au:443 - HIER_DIRECT/10.50.10.48 - 1432161462.843 642 192.168.5.163 TCP_MISS/200 528 GET http://csm90-en.url.trendmicro.com/T/344/eqO8qdreMFHVsZPQHJe0cJKbush61hKMNSLH-GHMhZNC0gyHuu0CiOxud1YD3SlseyJzwmgic9qMFKrJvi2iP_ZVPlXHsmBt-a8QqO6MKTbQ5melaEY1Atd9fYSAYQRQgrChDZuAfCvHu2U5ddX40KEKuZF8YPclvhCb0giJpRgy7jPMiOyYA_wMJVDfGp5sGSbAVFEYRdJAR3hykIDkCPXPsqluymS-Y3axrSHHJzYG1b_F8GB04cbdakDlGZSBxwyHXbwiLzjcYfQ7K1ASldegziZO9ZUfRcZh1ce6txSK6qOZiDy45zaEUg63wIEEEM__EWcaJQmYIXIVS69vwQ== - HIER_DIRECT/104.72.70.19 text/html 1432161464.121 7 192.168.5.163 TCP_MISS/200 528 GET http://csm90-en.url.trendmicro.com/T/88/eqO8qdreMFHVsZPQHJe0cKMe63vDoh5niNui_qK5WZVN6azyvqm3qkTNA4CeLlgfBLjs_woCLvmIDOVQwkWfzQ== - HIER_DIRECT/104.72.70.19 text/html 1432161475.490 1793 192.168.5.163 TCP_MISS/200 6947 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 - 1432161475.892 399 192.168.5.163 TCP_MISS/200 5545 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 - 1432161487.787 1383 192.168.5.163 TCP_MISS/200 3074 CONNECT ieonlinews.microsoft.com:443 - HIER_DIRECT/131.253.34.240 - 1432161539.434 63609 192.168.5.163 TCP_MISS/200 8498 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 - 1432161578.224 235 192.168.5.206 TCP_MISS/200 839 GET http://wfbs900-en.census.trendmicro.com/CENSUS/192/628a34bf49944a0519fedb6d65cafaf0399b98e5d08e025bf6a03eddead1cef7af0edf488fd174e494ae518835ff9da21915bbe7aa372ec1c81e135a6361da635d174ae8fe5adb5f5d174ae8fe5adb5f5d174ae8fe5adb5ffd3c35acca94bf90 - HIER_DIRECT/104.72.70.19 text/html 1432161578.559 6 192.168.5.206 TCP_MISS/200 839 GET http://wfbs900-en.census.trendmicro.com/CENSUS/192/628a34bf49944a0519fedb6d65cafaf09a839741bab62522e6bf975b8a4f628051bd7ab79e147e846b4fa2b6ca99524eb805125d90361b4738af1be64789a8e65d174ae8fe5adb5f5d174ae8fe5adb5f5d174ae8fe5adb5ffd3c35acca94bf90 - HIER_DIRECT/104.72.70.19 text/html 1432161600.474 331 192.168.5.206 TCP_MISS/200 626 GET http://csm90-en.url.trendmicro.com/T/364/Q6aqjhhr3YQMpi9B-doTwi4FWHDaRESyTNq3zZ_1sX_X-hiFqggD7pEESKNYWwTGUOzuehXAiA3LwMcj4ro0WYN6zsxLXe4g-DX2HZ9dHAz7iA-
这是我目前的squid.conf文件:
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src fc00::/7 # RFC 4193 local private network range acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl localnet src corp.heffron-it.com.au acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl all src all acl windowsupdate dstdomain windowsupdate.microsoft.com acl windowsupdate dstdomain au.download.windowsupdate.com acl windowsupdate dstdomain .update.microsoft.com acl windowsupdate dstdomain download.windowsupdate.com acl windowsupdate dstdomain redir.Metaservices.microsoft.com acl windowsupdate dstdomain images.Metaservices.microsoft.com acl windowsupdate dstdomain c.microsoft.com acl windowsupdate dstdomain www.download.windowsupdate.com acl windowsupdate dstdomain wustat.windows.com acl windowsupdate dstdomain crl.microsoft.com acl windowsupdate dstdomain sls.microsoft.com acl windowsupdate dstdomain productactivation.one.microsoft.com acl windowsupdate dstdomain ntservicepack.microsoft.com acl wuCONNECT dstdomain www.update.microsoft.com acl wuCONNECT dstdomain sls.microsoft.com acl wuCONNECT dstdomain wpa.one.microsoft.com http_access allow CONNECT wuCONNECT localnet http_access allow CONNECT wuCONNECT localhost http_access allow windowsupdate localnet http_access allow windowsupdate localhost cache_effective_user squid http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager http_access allow localnet http_access allow localhost http_access allow WindowsUpdate http_access allow CONNECT wuCONNECT localnet http_access allow windowsupdate localnet request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access Cookie allow all request_header_access All deny all refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims http_access deny all http_port 3128 cache_dir ufs /home/Cache/squid 102400 16 256 coredump_dir /home/Cache/squid via off forwarded_for off refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
基于您在配置文件中已有的内容,我猜你已经找到了关于Windows更新的这个Squid FAQ:
http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
我建议指定以下缓存选项,以确保可以缓存更大的对象. maximum_object_size需要足够大以允许最大的更新文件. 32GB应该允许甚至是最大的Service Pack,甚至是您可能想要缓存的任何ISO文件.
cache_mem 512 MB minimum_object_size 0 maximum_object_size 32768 MB maximum_object_size_in_memory 16384 KB range_offset_limit 32768 MB windowsupdate quick_abort_min -1
如果这没有帮助,您可能还需要调查refresh_pattern行的以下附加选项(除了reload-into-ims):
> ignore-no-cache
> ignore-no-store
> ignore-private
>覆盖 – 过期
> override-lastmod
> ignore-reload
例如,我使用这样的行来缓存所有doc或pdf文件:
refresh_pattern -i \.(doc|pdf)$4320 80% 86400 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload