我正在运行Centos 7作为我的操作系统并安装了squid来缓存我公司的
Windows更新.
通过日志文件,它显示所有内容都是tcp_miss,包括它何时访问Windows更新服务器.
我希望我的squid安装只缓存Windows更新.任何人都有任何想法发生了什么以及为什么它不缓存Windows更新?
以下是access.log文件的摘录:
- 1432161438.306 109488 192.168.5.163 TCP_MISS/200 4739 CONNECT exchange.heffron-it.com.au:443 - HIER_DIRECT/10.50.10.48 -
- 1432161441.375 110041 192.168.5.163 TCP_MISS/200 77216 CONNECT exchange.heffron-it.com.au:443 - HIER_DIRECT/10.50.10.48 -
- 1432161462.843 642 192.168.5.163 TCP_MISS/200 528 GET http://csm90-en.url.trendmicro.com/T/344/eqO8qdreMFHVsZPQHJe0cJKbush61hKMNSLH-GHMhZNC0gyHuu0CiOxud1YD3SlseyJzwmgic9qMFKrJvi2iP_ZVPlXHsmBt-a8QqO6MKTbQ5melaEY1Atd9fYSAYQRQgrChDZuAfCvHu2U5ddX40KEKuZF8YPclvhCb0giJpRgy7jPMiOyYA_wMJVDfGp5sGSbAVFEYRdJAR3hykIDkCPXPsqluymS-Y3axrSHHJzYG1b_F8GB04cbdakDlGZSBxwyHXbwiLzjcYfQ7K1ASldegziZO9ZUfRcZh1ce6txSK6qOZiDy45zaEUg63wIEEEM__EWcaJQmYIXIVS69vwQ== - HIER_DIRECT/104.72.70.19 text/html
- 1432161464.121 7 192.168.5.163 TCP_MISS/200 528 GET http://csm90-en.url.trendmicro.com/T/88/eqO8qdreMFHVsZPQHJe0cKMe63vDoh5niNui_qK5WZVN6azyvqm3qkTNA4CeLlgfBLjs_woCLvmIDOVQwkWfzQ== - HIER_DIRECT/104.72.70.19 text/html
- 1432161475.490 1793 192.168.5.163 TCP_MISS/200 6947 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 -
- 1432161475.892 399 192.168.5.163 TCP_MISS/200 5545 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 -
- 1432161487.787 1383 192.168.5.163 TCP_MISS/200 3074 CONNECT ieonlinews.microsoft.com:443 - HIER_DIRECT/131.253.34.240 -
- 1432161539.434 63609 192.168.5.163 TCP_MISS/200 8498 CONNECT www.windowssearch.com:443 - HIER_DIRECT/204.79.197.200 -
- 1432161578.224 235 192.168.5.206 TCP_MISS/200 839 GET http://wfbs900-en.census.trendmicro.com/CENSUS/192/628a34bf49944a0519fedb6d65cafaf0399b98e5d08e025bf6a03eddead1cef7af0edf488fd174e494ae518835ff9da21915bbe7aa372ec1c81e135a6361da635d174ae8fe5adb5f5d174ae8fe5adb5f5d174ae8fe5adb5ffd3c35acca94bf90 - HIER_DIRECT/104.72.70.19 text/html
- 1432161578.559 6 192.168.5.206 TCP_MISS/200 839 GET http://wfbs900-en.census.trendmicro.com/CENSUS/192/628a34bf49944a0519fedb6d65cafaf09a839741bab62522e6bf975b8a4f628051bd7ab79e147e846b4fa2b6ca99524eb805125d90361b4738af1be64789a8e65d174ae8fe5adb5f5d174ae8fe5adb5f5d174ae8fe5adb5ffd3c35acca94bf90 - HIER_DIRECT/104.72.70.19 text/html
- 1432161600.474 331 192.168.5.206 TCP_MISS/200 626 GET http://csm90-en.url.trendmicro.com/T/364/Q6aqjhhr3YQMpi9B-doTwi4FWHDaRESyTNq3zZ_1sX_X-hiFqggD7pEESKNYWwTGUOzuehXAiA3LwMcj4ro0WYN6zsxLXe4g-DX2HZ9dHAz7iA-
这是我目前的squid.conf文件:
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src fc00::/7 # RFC 4193 local private network range
- acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
- acl localnet src corp.heffron-it.com.au
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- acl all src all
- acl windowsupdate dstdomain windowsupdate.microsoft.com
- acl windowsupdate dstdomain au.download.windowsupdate.com
- acl windowsupdate dstdomain .update.microsoft.com
- acl windowsupdate dstdomain download.windowsupdate.com
- acl windowsupdate dstdomain redir.Metaservices.microsoft.com
- acl windowsupdate dstdomain images.Metaservices.microsoft.com
- acl windowsupdate dstdomain c.microsoft.com
- acl windowsupdate dstdomain www.download.windowsupdate.com
- acl windowsupdate dstdomain wustat.windows.com
- acl windowsupdate dstdomain crl.microsoft.com
- acl windowsupdate dstdomain sls.microsoft.com
- acl windowsupdate dstdomain productactivation.one.microsoft.com
- acl windowsupdate dstdomain ntservicepack.microsoft.com
- acl wuCONNECT dstdomain www.update.microsoft.com
- acl wuCONNECT dstdomain sls.microsoft.com
- acl wuCONNECT dstdomain wpa.one.microsoft.com
- http_access allow CONNECT wuCONNECT localnet
- http_access allow CONNECT wuCONNECT localhost
- http_access allow windowsupdate localnet
- http_access allow windowsupdate localhost
- cache_effective_user squid
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost manager
- http_access deny manager
- http_access allow localnet
- http_access allow localhost
- http_access allow WindowsUpdate
- http_access allow CONNECT wuCONNECT localnet
- http_access allow windowsupdate localnet
- request_header_access Allow allow all
- request_header_access Authorization allow all
- request_header_access WWW-Authenticate allow all
- request_header_access Proxy-Authorization allow all
- request_header_access Proxy-Authenticate allow all
- request_header_access Cache-Control allow all
- request_header_access Content-Encoding allow all
- request_header_access Content-Length allow all
- request_header_access Content-Type allow all
- request_header_access Date allow all
- request_header_access Expires allow all
- request_header_access Host allow all
- request_header_access If-Modified-Since allow all
- request_header_access Last-Modified allow all
- request_header_access Location allow all
- request_header_access Pragma allow all
- request_header_access Accept allow all
- request_header_access Accept-Charset allow all
- request_header_access Accept-Encoding allow all
- request_header_access Accept-Language allow all
- request_header_access Content-Language allow all
- request_header_access Mime-Version allow all
- request_header_access Retry-After allow all
- request_header_access Title allow all
- request_header_access Connection allow all
- request_header_access Proxy-Connection allow all
- request_header_access User-Agent allow all
- request_header_access Cookie allow all
- request_header_access All deny all
- refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
- refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
- refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
- http_access deny all
- http_port 3128
- cache_dir ufs /home/Cache/squid 102400 16 256
- coredump_dir /home/Cache/squid
- via off
- forwarded_for off
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 0 20% 4320
基于您在配置文件中已有的内容,我猜你已经找到了关于Windows更新的这个Squid FAQ:
http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
我建议指定以下缓存选项,以确保可以缓存更大的对象. maximum_object_size需要足够大以允许最大的更新文件. 32GB应该允许甚至是最大的Service Pack,甚至是您可能想要缓存的任何ISO文件.
- cache_mem 512 MB
- minimum_object_size 0
- maximum_object_size 32768 MB
- maximum_object_size_in_memory 16384 KB
- range_offset_limit 32768 MB windowsupdate
- quick_abort_min -1
如果这没有帮助,您可能还需要调查refresh_pattern行的以下附加选项(除了reload-into-ims):
> ignore-no-cache
> ignore-no-store
> ignore-private
>覆盖 – 过期
> override-lastmod
> ignore-reload
例如,我使用这样的行来缓存所有doc或pdf文件:
- refresh_pattern -i \.(doc|pdf)$4320 80% 86400 ignore-no-cache ignore-no-store ignore-private override-expire override-lastmod reload-into-ims ignore-reload
