Netgate Discussion Forum

    Squid SSL Intercept, Transparent, Clam - Windows/Office Updates Through Squid?

    • chris4916

      I'm not a Windows / Microsoft specialist, but I'm surprised that such a question is raised so often:

      • I'm pretty sure you will find a suitable answer in this forum using the search feature ;)
      • Isn't WSUS part of the answer?

      For sure, given the dynamic nature of the web nowadays, tuning a proxy cache is not obvious, especially because more and more pages and components are not cached.

      Jah Olela Wembo: Words turn into ills when they upset, attack or hurt.

      • gaf2014

        You must exclude some domains from SSL interception in the section Custom ACLS (Before Auth).

        
        acl broken_sites dstdomain .windowsupdate.microsoft.com
        acl broken_sites dstdomain .update.microsoft.com
        acl broken_sites dstdomain .ws.microsoft.com
        acl broken_sites dstdomain .mp.microsoft.com
        acl broken_sites dstdomain .delivery.microsoft.com
        ssl_bump none broken_sites
        
        • exograpix

          Nope, not working, giving error 80245006

          • doktornotor Banned

            The above list is widely incomplete in the first place.

            • exograpix

              Please provide us the complete list.

              • gaf2014

                @doktornotor:

                The above list is widely incomplete in the first place.

                Maybe, but it works for me. Updates for Windows 7 and 10 are working. This works only in proxy mode; it doesn't work in transparent mode. That's by design and normal.

                • exograpix

                  It works in non-transparent proxy mode from the start, but no go in transparent.

                  • doktornotor Banned

                    @exograpix:

                    Please provide us the complete list.

                    Please, research Google or use the search box on this forum.

                    • gaf2014

                      @exograpix:

                      It works in non-transparent proxy mode from the start, but no go in transparent.

                      Yes, as I told you. That's because in transparent mode the Squid proxy doesn't know the name of the destination, only the IP address. So you are not able to play around with names and domains. You have to know all the IP addresses of the destinations. That makes it very hard to configure. But what's the problem with configuring a proxy in Windows? I use the transparent proxy only for devices that can't be configured to use a proxy.

                      • ramalave

                        Create an alias called WindowsUpdate and add the following list for the networking group
                        Then you go to Services -> Squid Proxy Server -> Bypass Proxy for These Destination IPs
                        Enter the created alias called WindowsUpdate
                        And this way it fixes all the updates for Windows with Transparent Proxy.

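A coverage check for the exclusion list discussed in this thread, as an added example that is not part of any post: it applies Squid's `dstdomain` matching rule to the ACL gaf2014 posted and labels each CONNECT target found in an access log. The log lines, the helper names and the three labels are constructed for illustration.

```python
import ipaddress

# ACL lines as posted by gaf2014 in this thread.
SQUID_ACL = """\
acl broken_sites dstdomain .windowsupdate.microsoft.com
acl broken_sites dstdomain .update.microsoft.com
acl broken_sites dstdomain .ws.microsoft.com
acl broken_sites dstdomain .mp.microsoft.com
acl broken_sites dstdomain .delivery.microsoft.com
"""

# Constructed sample lines in Squid's native access.log layout (not real traffic).
SAMPLE_LOG = """\
1500000000.101 250 192.168.1.10 TCP_TUNNEL/200 4521 CONNECT fe2.update.microsoft.com:443 - HIER_DIRECT/203.0.113.10 -
1500000001.202 310 192.168.1.10 TCP_TUNNEL/200 9120 CONNECT download.windowsupdate.com:443 - HIER_DIRECT/203.0.113.11 -
1500000002.303 120 192.168.1.11 TCP_TUNNEL/200 1200 CONNECT 203.0.113.25:443 - ORIGINAL_DST/203.0.113.25 -
1500000003.404 15 192.168.1.11 TCP_MISS/200 512 GET http://example.com/ - HIER_DIRECT/198.51.100.7 text/html
"""

def parse_dstdomains(conf, acl_name):
    """Return the dstdomain values configured for one ACL name."""
    rows = (line.split() for line in conf.splitlines())
    return [v.lower() for f in rows
            if f[:3] == ["acl", acl_name, "dstdomain"] for v in f[3:]]

def dstdomain_match(host, patterns):
    """Squid rule: '.a.b' matches a.b and its subdomains; 'a.b' matches only a.b."""
    host = host.lower().rstrip(".")
    return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
               for p in patterns)

def classify_connects(log, patterns):
    """Label each CONNECT target: excluded, intercepted, or ip-only."""
    result = {}
    for f in (line.split() for line in log.splitlines()):
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        host = f[6].rsplit(":", 1)[0].strip("[]")
        try:
            ipaddress.ip_address(host)
            # No hostname in the request, so a name-based ACL has nothing to
            # compare (reverse DNS lookups are not modelled here).
            result[host] = "ip-only"
        except ValueError:
            result[host] = "excluded" if dstdomain_match(host, patterns) else "intercepted"
    return result

if __name__ == "__main__":
    for host, label in classify_connects(SAMPLE_LOG, parse_dstdomains(SQUID_ACL, "broken_sites")).items():
        print(f"{label:12} {host}")
```

Hosts labelled `intercepted` are candidates to review before extending the exclusion list; `ip-only` entries correspond to the transparent-mode case described above, where only an address is available.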
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.