Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid Caching Windows Updates

    Scheduled Pinned Locked Moved pfSense Packages
    3 Posts 2 Posters 15.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      rhy7s
      last edited by

      Just wanted to check if anyone is caching Windows Updates with Squid? There's been a whole lot of usage on our connection (12916MB in the RRD summary but LightSquid only reports 1.0GB) and I was wondering if the instructions at http://doc.pfsense.org/index.php/Squid_Package_Tuning#Caching_Windows_Updates were to blame? I've changed the setting to those below as per http://wiki.squid-cache.org/SquidFaq/WindowsUpdate and will keep an eye on it but just wondered if anyone else had the same experience?

      range_offset_limit -1;
maximum_object_size 200 MB;
quick_abort_min -1;

refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims;

refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims;

refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims;

refresh_pattern \^ftp:           1440    20%     10080;
refresh_pattern \^gopher:        1440    0%      1440;
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0;
refresh_pattern .               0       20%     4320;
      1 Reply Last reply Reply Quote 0
      • N
        Nachtfalke
        last edited by 

        maximum_object_size 200 MB;

        You do not need to add this again. This can be done from GUI "Maximum object size"

        I am using:

        refresh_pattern -i .*microsoft\.com/.*\.(cab|exe|msi|msp) 259200 100% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private;
refresh_pattern -i .*windowsupdate\.com/.*\.(cab|exe|msi|msp) 259200 100% 259200 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private;
range_offset_limit 100 MB;
quick_abort_pct 60;

        the first two lines force caching files from windowsupdate for 180 days
        range_offset_limit is a bit tricky to adjust.
        When using "-1" then you have the problem that alle files are completely cached. For example if a user starts a file download which has 100MB and aborts this download then the entire file will be downloaded because of the "-1" parameter. squid doen't matter if the user aborted the download or not.

        That's why I changed the value to "100 MB".
        This value has nothing to do with the maximum cached file size (maximum_object_size)!!!
        The range_offset_limit defines the interval which squid is caching.
        I try to explain it a simple way:

        I the example below the word "packets" could be megabyte or so. it's just an example

        • You have got a file which has the packet numbers from 1 to 1000
        • You start the download on packet 1 and you finish on packet 1000. Squid is caching the file
        • You start the download on packet 50 and you finish on packet 1000. Now range_offset_limit takes effect! squid is checking if the packets before packet 50 suit into the range_offset_limit value. The value is 100. So squid is starting caching on packet 1.
        • You start the download on packet 200 and you finish on packet 1000. Now range_offset_limit takes effect! squid is checking if the packets before packet 200 suit into the range_offset_limit value. The value is 100. So squid is starting caching on packet 100. (starting packet = 200, offset = 100: 200-100=starting point)

        The last command "quick_abort_pct" is another check. Squid is checking the size of a file. If the size of a file is 100MB and user has downloaded just 50MB (50 percent) and then aborts the download then squid stops caching the file. If the user downloaded 70MB of the 100MB file (70 percent) and then aborts the download squid is finishing the download and caches the file.

        Some experience from me on range_offset_limit value:

        In the past I started with Windows XP updates and a value of 0. It was working but I had the problem as you. WAN download was hughe and LAN download was less. BAD!
        Windows 7 ( and probably Vista) Updates do not really work with range_offset_limit 0. It seems that the download mechanism has changed.
        I changed the range_offset_limit to 50MB but then I had sometimes the problem if the download doesn't start on "packet 1" but on packet 200 that the file wasn't cached. So I increased the range_offset_limit to 100MB. That fits the most Windows Update sizes and I definitly can cache these files no matter if they start on packet 50 or packet 1 or somewhere else.

        Please remember that maximum_object_size is different from range_offset_limit.
        But maximum_object_size must be at least as big as or bigger than range_offset_limit to make sense. I am using maximum_object_size = 1024 MB

        http://doc.pfsense.org/index.php/Squid_Package_Tuning#Tweaking_Update_Caching_.2F_Squid_seems_to_download_on_its_own

        Hope this will help you!

        1 Reply Last reply Reply Quote 1
        • R
          rhy7s
          last edited by

          Thanks for the thorough reply, very helpful.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.