Squid Windows Update not hitting

nuski · May 31, 2016, 9:48 PM

Hey,

I have tried adding various custom refresh patters to try and cache these windows updates on my network but everyday I check the reports another user is pulling 2G+ from windows update.

Accessed site Connect Bytes Cumulative %

1 b1.download.windowsupdate.com 4 248 2.5 G 2.5 G 75.9%
2 download.windowsupdate.com 57 825.9 M 3.4 G 24.0%

my refresh patterns are as follows

refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern ([^.]+\.)?(download|(windows)?update)\.(microsoft\.)?com/.*\.(cab|exe|msi|msp|psf) 4320 100% 43200 reload-into-ims 
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi|psf) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims
refresh_pattern bg.v4.pr.dl.ws.microsoft.com/.*\.(cab|exe|dll|msi|psf) 4320 100% 43200 reload-into-ims

not sure if they are correct but it is based on those I read here and other places.

some guidance would be really appreciated, for those who have some proper refresh patters if you could share that would be great.

Regards

deajan · May 31, 2016, 10:15 PM

These are pulled from a working environment:


refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i avg.com/.*\.(bin) 4320 100% 43200 reload-into-ims
refresh_pattern -i symantecliveupdate.com/.*\.(zip|exe) 43200 100% 43200 reload-into-ims
refresh_pattern -i avast.com/.*\.(vpu|vpaa) 4320 100% 43200 reload-into-ims
refresh_pattern -i avira-update.com/.*\.* 720 100% 10800 reload-into-ims
refresh_pattern -i (download|adcdownload).apple.com/.*\.(pkg|dmg) 4320 100% 43200 reload-into-ims

Probably not the best ones, but seem to work.
Have you increased Maximum Object Size to an insane value like 1000MB for big updates ?

aGeekhere · Jun 1, 2016, 1:18 PM

https://forum.pfsense.org/index.php?topic=111518.0

deajan · Jun 1, 2016, 4:31 PM

What's the output of:

squidclient -h 127.0.0.1 -p 3128 mgr:info | grep hit ?

KOM · Jun 1, 2016, 5:29 PM

squidclient output is only relevant for the past hour of traffic I think, so unless these WU objects are still in the cache from 2 weeks ago and someone does Windows Update in the past hour, you won't see anything relevant. Assuming the content is still in cache, the real test is to check your WAN & LAN traffic graphs. Content from cache will show as a huge LAN Out spike with no corresponding WAN In spike.

So far I have not yet seen anyone use squid to successfully cache Windows updates under 2.2.x. Just having refresh patterns isn't good enough. You also need to play with range_offset_limit, quick_abort_min and quick_abort_max, for instance. I have noticed that Windows 10 updates seem to play much nicer with squid, but all older updates seem to be a PITA. Please, somebody prove me wrong.

nuski · Jun 2, 2016, 12:44 AM

Thanks for the responses, checked the reports again today and another ip is pulling down over 4GB from windows update

@aGeekHere:

Have you increased Maximum Object Size to an insane value like 1000MB for big updates ?

Yea I have it set to 1GB but still no luck. will try the refresh patterns posted.

Regards