Hallo,
ich habe auf unserem SP-Squid den Traffic für das gesamte Netz limitiert, jetzt ist mir aber aufgefallen, dass es zeitweilig trotzdem mehr Traffic gibt, als eigendlich erlaubt ist. Im Log habe ich dann Folgendes gefunden:
http://download.windowsupdate.com/msdow ... 8f46f5.exe *EXCEPTION* Exception site match. GET 7211
Nachdem ich den WSUS deaktiviert habe, stimmte auch der Traffic wieder. Könnt Ihr das Verhalten bestätigen und gibt es für die Windows Update Site generell eine Exception?
VG
WSUS und Squid Trafficlimit
Moderator: Securepoint
Hallo,
ja für bestimmt Seiten gibt es eine Ausnahme wie (securepoint.de oder update.microsoft.com), wann und ob die greifen kann ich ohne Template nicht sagen.
ja für bestimmt Seiten gibt es eine Ausnahme wie (securepoint.de oder update.microsoft.com), wann und ob die greifen kann ich ohne Template nicht sagen.
There are 10 types of people in the world... those who understand binary and those who don\'t.
OK, hier mal das Template. Interessant wäre die Frage, ob sich die Bremse auch für den WSUS (bzw. Update Site) einschalten läßt... VG
http_port 127.0.0.1:49221 transparent
#IF ${OUTGOING_ADDR}
tcp_outgoing_address ${OUTGOING_ADDR}
#ENDIF
# Kaskadierung
#IF ${ENABLE_FORWARD}=1
cache_peer ${FORWARD_PROXY_IP} parent ${FORWARD_PROXY_PORT} 0 default no-query
#ENDIF
icp_port 0
acl QUERY urlpath_regex cgi-bin \\?
acl all src 0.0.0.0/0.0.0.0
no_cache deny all
cache_mem 16 MB
cache_swap_low 70
cache_swap_high 75
maximum_object_size 4096 KB
ipcache_size 1024
ipcache_low 70
ipcache_high 75
fqdncache_size 1024
#cache_dir ufs /var/spool/squid 1000 16 256
cache_dir null /dev/null
#cache_access_log /var/log/squid/access.log
cache_access_log /dev/null
#cache_log /var/log/squid/cache.log
cache_log /dev/null
#cache_store_log /var/log/squid/store.log
cache_store_log /dev/null
emulate_httpd_log off
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
ftp_user anonymous@foo
unlinkd_program /usr/libexec/unlinkd
# Authentisierung mit lokaler Datenbank
#IF ${ENABLE_AUTH_LOCAL}=1
auth_param basic program /usr/libexec/ncsa_auth /etc/squid/squid_user.dat
#ENDIF
# Authentisierung mit Radius
#IF ${ENABLE_AUTH_RADIUS}=1
auth_param basic program /usr/bin/squid_radius_auth -f /etc/squid_radius_auth.conf
#ENDIF
# Authentisierung mit LDAP oder AD
#IF ${ENABLE_AUTH_LDAP}=1
auth_param basic program /usr/libexec/squid_spldap_auth -h ${GLOB_LDAP_URI} -d ${GLOB_AD_DOMAIN}
#ENDIF
auth_param basic realm Securepoint Firewall
auth_param basic children 32
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
connect_timeout 120 seconds
read_timeout 15 minutes
request_timeout 30 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds
# Authentisierunf erforderlich
#IF ${ENABLE_AUTH_LOCAL}=1
acl authentication proxy_auth REQUIRED
#ENDIF
#IF ${ENABLE_AUTH_RADIUS}=1
acl authentication proxy_auth REQUIRED
#ENDIF
#IF ${ENABLE_AUTH_LDAP}=1
acl authentication proxy_auth REQUIRED
#ENDIF
# Webseiten filtern
acl porn url_regex "/etc/squid/denied.txt"
acl noporn url_regex "/etc/squid/nodenied.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
follow_x_forwarded_for allow localhost
acl SSL_ports port 443
acl Safe_ports port 20 21 80 81 443 1025-65535
acl CONNECT method CONNECT
# Download Grösse beschränken
#IF ${ENABLE_SIZE_LIMIT}=1
reply_body_max_size ${REPLY_BODY_MAX_SIZE} allow all
#ELSE
reply_body_max_size 0 allow all
#ENDIF
# Kaskadierung
#IF ${ENABLE_FORWARD}=1
never_direct allow all
#ENDIF
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Zugriff erlaubt mit oder ohne Authentisierung
#IF ${ENABLE_EXCEPTION_URL_LIST}=1
http_access allow noporn all
#ENDIF
#IF ${ENABLE_AUTH_LOCAL}=1
http_access allow authentication all
#ENDIF
#IF ${ENABLE_AUTH_RADIUS}=1
http_access allow authentication all
#ENDIF
#IF ${ENABLE_AUTH_LDAP}=1
http_access allow authentication all
#ENDIF
# http_access allow noporn authentication
#IF ${ENABLE_BANNED_URL_LIST}=1
http_access deny porn all
#ENDIF
#IF ${ENABLE_OWA_FIX}=1
extension_methods SEARCH SUBSCRIBE RPC_IN_DATA RPC_OUT_DATA
#ENDIF
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 100000/100000
icp_access deny all
miss_access allow all
ident_lookup_access deny all
cache_mgr admin@somewhere
cache_effective_user nobody
cache_effective_group nogroup
visible_hostname localhost
unique_hostname localhost
logfile_rotate 0
tcp_recv_bufsize 0 bytes
memory_pools off
forwarded_for off
log_icp_queries off
icp_hit_stale off
minimum_direct_hops 4
cachemgr_passwd disable all
store_avg_object_size 13 KB
store_objects_per_bucket 50
client_db off
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
error_directory /etc/squid/errors
maximum_single_addr_tries 3
uri_whitespace deny
prefer_direct on
strip_query_terms on
http_port 127.0.0.1:49221 transparent
#IF ${OUTGOING_ADDR}
tcp_outgoing_address ${OUTGOING_ADDR}
#ENDIF
# Kaskadierung
#IF ${ENABLE_FORWARD}=1
cache_peer ${FORWARD_PROXY_IP} parent ${FORWARD_PROXY_PORT} 0 default no-query
#ENDIF
icp_port 0
acl QUERY urlpath_regex cgi-bin \\?
acl all src 0.0.0.0/0.0.0.0
no_cache deny all
cache_mem 16 MB
cache_swap_low 70
cache_swap_high 75
maximum_object_size 4096 KB
ipcache_size 1024
ipcache_low 70
ipcache_high 75
fqdncache_size 1024
#cache_dir ufs /var/spool/squid 1000 16 256
cache_dir null /dev/null
#cache_access_log /var/log/squid/access.log
cache_access_log /dev/null
#cache_log /var/log/squid/cache.log
cache_log /dev/null
#cache_store_log /var/log/squid/store.log
cache_store_log /dev/null
emulate_httpd_log off
mime_table /etc/squid/mime.conf
log_mime_hdrs off
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
ftp_user anonymous@foo
unlinkd_program /usr/libexec/unlinkd
# Authentisierung mit lokaler Datenbank
#IF ${ENABLE_AUTH_LOCAL}=1
auth_param basic program /usr/libexec/ncsa_auth /etc/squid/squid_user.dat
#ENDIF
# Authentisierung mit Radius
#IF ${ENABLE_AUTH_RADIUS}=1
auth_param basic program /usr/bin/squid_radius_auth -f /etc/squid_radius_auth.conf
#ENDIF
# Authentisierung mit LDAP oder AD
#IF ${ENABLE_AUTH_LDAP}=1
auth_param basic program /usr/libexec/squid_spldap_auth -h ${GLOB_LDAP_URI} -d ${GLOB_AD_DOMAIN}
#ENDIF
auth_param basic realm Securepoint Firewall
auth_param basic children 32
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minutes
range_offset_limit 0 KB
connect_timeout 120 seconds
read_timeout 15 minutes
request_timeout 30 seconds
client_lifetime 1 day
half_closed_clients on
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds
# Authentisierunf erforderlich
#IF ${ENABLE_AUTH_LOCAL}=1
acl authentication proxy_auth REQUIRED
#ENDIF
#IF ${ENABLE_AUTH_RADIUS}=1
acl authentication proxy_auth REQUIRED
#ENDIF
#IF ${ENABLE_AUTH_LDAP}=1
acl authentication proxy_auth REQUIRED
#ENDIF
# Webseiten filtern
acl porn url_regex "/etc/squid/denied.txt"
acl noporn url_regex "/etc/squid/nodenied.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
follow_x_forwarded_for allow localhost
acl SSL_ports port 443
acl Safe_ports port 20 21 80 81 443 1025-65535
acl CONNECT method CONNECT
# Download Grösse beschränken
#IF ${ENABLE_SIZE_LIMIT}=1
reply_body_max_size ${REPLY_BODY_MAX_SIZE} allow all
#ELSE
reply_body_max_size 0 allow all
#ENDIF
# Kaskadierung
#IF ${ENABLE_FORWARD}=1
never_direct allow all
#ENDIF
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Zugriff erlaubt mit oder ohne Authentisierung
#IF ${ENABLE_EXCEPTION_URL_LIST}=1
http_access allow noporn all
#ENDIF
#IF ${ENABLE_AUTH_LOCAL}=1
http_access allow authentication all
#ENDIF
#IF ${ENABLE_AUTH_RADIUS}=1
http_access allow authentication all
#ENDIF
#IF ${ENABLE_AUTH_LDAP}=1
http_access allow authentication all
#ENDIF
# http_access allow noporn authentication
#IF ${ENABLE_BANNED_URL_LIST}=1
http_access deny porn all
#ENDIF
#IF ${ENABLE_OWA_FIX}=1
extension_methods SEARCH SUBSCRIBE RPC_IN_DATA RPC_OUT_DATA
#ENDIF
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 100000/100000
icp_access deny all
miss_access allow all
ident_lookup_access deny all
cache_mgr admin@somewhere
cache_effective_user nobody
cache_effective_group nogroup
visible_hostname localhost
unique_hostname localhost
logfile_rotate 0
tcp_recv_bufsize 0 bytes
memory_pools off
forwarded_for off
log_icp_queries off
icp_hit_stale off
minimum_direct_hops 4
cachemgr_passwd disable all
store_avg_object_size 13 KB
store_objects_per_bucket 50
client_db off
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
error_directory /etc/squid/errors
maximum_single_addr_tries 3
uri_whitespace deny
prefer_direct on
strip_query_terms on
Hallo,
ich würde diesen Part:
nach diesem:
Parameter setzen und es dann erneut probieren.
ich würde diesen Part:
Code: Alles auswählen
delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 100000/100000
Code: Alles auswählen
unlinkd_program /usr/libexec/unlinkd
Zuletzt geändert von carsten am Di 29.09.2009, 16:45, insgesamt 1-mal geändert.
There are 10 types of people in the world... those who understand binary and those who don\'t.