# Squid Proxy Not allowing any updates!!



## Pstonge (Jun 12, 2012)

Alright I am having a hard time getting squid to allow microsoft updates, or any other updates. Here is my squid.conf config file

=====================================
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10
auth_param basic credentialsttl 0

external_acl_type nt_group ttl=20 children=20 %
LOGIN /usr/lib/squid3/wbinfo_group.pl

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl localnet src 192.168.0.0/16 #this is our network
acl NTLMUsers proxy_auth REQUIRED

#NCS Site List
acl allow_GlobalAllow url_regex -i "/etc/squid3/GlobalAllow.acl"
acl windowsupdate url_regex -i "/etc/squid3/windowsupdate.acl"
#acl deny_GlobalDeny url_regex -i "/etc/squid3/GlobalDeny.acl"

#Malware Block List
acl deny_malware url_regex -i "/etc/squid3/malware_block_list"

#NCS ACL
acl AD_Allow_All external nt_group GG_PROXY_ALLOW_ALL

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#Deny MALWARE
http_access deny deny_malware
#http_access deny deny_GlobalDeny

#NCS Allow List
http_access allow AD_Allow_All
http_access allow allow_GlobalAllow
http_access allow windowsupdate

#NCS Deny List

#Default List
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all

#Squid Port
http_port 3128

#SQUID Logs
logformat proxy %tl %6tr %>a %Ss/%03>Hs %<st %[un %Sh/%<A %mt
access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log
log_icp_queries off

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3

#NO Cache for Windowsupdates
no_cache deny allow_GlobalAllow

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

#Administrative Parameters
#Cache_mgr PROXY
#cache_effective_user proxy
#cache_effective_group proxy
#httpd_suppress_version_string on
visible_hostname PROXY

#DNS Configuration
dns_nameservers 8.8.8.8 8.8.4.4 192.168.12.20

#This is the squid cache setup
cache_dir ufs /var/spool/squid3 40000 16 256

#Squid ADzapper Configuration
redirect_program /etc/squid3/wrapzap
redirect_children 20
redirector_bypass on
=================================================

If you notice in the #NCS Site List that there is an acl for windowsupdates.acl. That file contains the windows update list. But when I actually go to do updates, it just hangs up, and internet explorer crashes. 

We have another proxy server on our network, and when I connect to that one it allows me to update from microsoft, adobe, and everything else.

The second proxy is another linux proxy, but I do not have access to that proxy. 

Any help will be greatly appreciated.


----------



## joeten (Dec 4, 2008)

Hi you could look at this Linux Stories: How to setup Windows Update through Squid
I also think you need to be in the linux area


----------



## joeten (Dec 4, 2008)

moved


----------

