[squid-users] Re: Cache Windows Updates ONLY

From: Nick Hill <nick_at_nickhill.co.uk>
Date: Thu, 10 Apr 2014 13:28:27 +0100

I found the discussion on the web post, on Nabble, which I presume
will not feed back to this list. I located the discussion forum from
the web site, have subscribed, and hope the message will be useful. A
web interface to this mailing list could be very useful to capture
important information from those users who seldom have something to
add.

I use a similar configuration on my Squid to the one used by HilltopsGM.

Microsoft have recently released an update 4Gb in size for Windows 8,
with range request downloads. This will likely cause Squid to use
excessive bandwidth. My cache was slaughtering bandwidth until I made
some changes.

It appears Microsoft now use psf files, which appear to cache OK.

#Note: include psf files
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320 80% 43200 reload-into-ims

#Having already defined the windowsupdate ACL,
range_offset_limit -1 windowsupdate
quick_abort_min -1 KB windowsupdate
maximum_object_size 5000000 KB windowsupdate

#And for a cache replacement policy oriented to
#bandwidth conservation rather than latency
cache_replacement_policy heap LFUDA

--
My squid 3 configuration file now looks like:
debug_options ALL,2
acl all src all
http_access allow all
cache_store_log /var/log/squid/store.log
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl purge method PURGE
acl CONNECT method CONNECT
cache_mem 256 MB
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
acl lan src 10.10.10.1/24
http_access allow localhost
http_access allow lan
visible_hostname myclient.hostname.com
http_port 3128
cache_replacement_policy heap LFUDA
maximum_object_size 200000 KB
cache_dir ufs /home/smb/squid/squid 70000 16 256
coredump_dir /home/smb/squid/squid
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|psf) 4320 80% 43200 reload-into-ims
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain swcdn.apple.com
acl windowsupdate dstdomain data-cdn.mbupdates.com
#header_access Pragma deny windowsupdate unrecognised in squid 3
#directives mentioned http://www1.us.squid-cache.org/mail-archive/squid-users/200506/0684.html - nick 16 Feb 09
range_offset_limit -1 windowsupdate
quick_abort_min -1 KB windowsupdate
maximum_object_size 5000000 KB  windowsupdate
##9 April 2014
##From http://wiki.squid-cache.org/Features/DelayPools
##limit squid to 1.2Mbit/second, reduce contention for updates
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 1200000/1200000
----------
On Tue, 20 Aug 2013 17:49:19 -0700 (PDT) HillTopsGM wrote:
Does this make sense then:
(START OF CODE FOR SQUID.CONF FILE)
#==========
#Below is what I'd copy and paste from the FAQ for windows updates:
#==========
range_offset_limit -1
maximum_object_size 200 MB
quick_abort_min -1
# Add one of these lines for each of the websites you want to cache.
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
# DONT MODIFY THESE LINES
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com
acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet
http_access allow CONNECT wuCONNECT localnet
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localnet
http_access allow windowsupdate localhost
#======================
#Then I'd add this to ONLY cache the windows updates:
#======================
acl mywindowsupdates dstdomain .my.windowsupdate.website.com .windowsupdate.com .microsoft.com
cache allow mywindowsupdates
always_direct allow all
(END OF CODE FOR SQUID.CONF FILE)
Should I change the
cache allow mywindowsupdates
always_direct allow all
... to
cache allow mywindowsupdates
cache deny all
Thanks for the help
p.s.
sorry - I had to edit the post a couple of times because I missed some
of the code. My apologies
Received on Thu Apr 10 2014 - 12:28:33 MDT
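
Squid checks http_access lines from top to bottom and applies the first one that matches, so where "http_access allow all" sits in the full configuration above decides whether the later manager, purge and lan rules are ever consulted. The Python check below is an added example, not part of the original message: it reports every rule that sits behind a match-everything rule. Its function names and the excerpted sample are this example's own.

```python
# Added example: find http_access rules that can never be reached,
# given that Squid stops at the first http_access line that matches.

# Access-control lines excerpted, in order, from the configuration posted above.
SAMPLE_CONF = """\
acl all src all
http_access allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl purge method PURGE
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
acl lan src 10.10.10.1/24
http_access allow localhost
http_access allow lan
"""

MATCH_ANY_SRC = {"all", "0.0.0.0/0", "::/0"}  # src values covering every client

def catch_all_acls(conf):
    """Names of ACLs that match any client: built-in 'all' plus wide src ACLs."""
    names = {"all"}
    for line in conf.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 4 and parts[0] == "acl" and parts[2] == "src":
            if any(v in MATCH_ANY_SRC for v in parts[3:]):
                names.add(parts[1])
    return names

def audit_http_access(conf):
    """Return ((lineno, action), shadowed_rules), or (None, []) if nothing matches all."""
    wide = catch_all_acls(conf)
    rules = []
    for lineno, line in enumerate(conf.splitlines(), 1):
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((lineno, parts[1], parts[2:]))
    for i, (lineno, action, acls) in enumerate(rules):
        if all(a in wide for a in acls):  # every ACL on the line matches any request
            return (lineno, action), rules[i + 1:]
    return None, []

if __name__ == "__main__":
    hit, shadowed = audit_http_access(SAMPLE_CONF)
    if hit:
        print(f"line {hit[0]}: http_access {hit[1]} matches every request")
        for lineno, action, acls in shadowed:
            print(f"  unreachable: line {lineno}: http_access {action} {' '.join(acls)}")
```

On the excerpt it reports line 2 as matching every request and the six rules after it, both manager and purge denies included, as unreachable; with that line removed it reports nothing.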

This archive was generated by hypermail 2.2.0 : Fri Apr 11 2014 - 12:00:04 MDT