Squid 阻止自动更新 - 防病毒和 Java

Squid 阻止自动更新 - 防病毒和 Java

我在 Linux 服务器上将 Squid3 配置为透明代理。我试图允许 Windows(当前已禁用)、Java 和防病毒程序的自动更新通过。malwarebytes、antivir 和 avast 的自动更新失败。我不清楚当我手动启动更新时它们是否成功;他们说他们已经成功了,但我并不相信。当我更新 Java 时,下载和更新一直顺利进行,直到安装的最后一步。然后由于代理问题而失败。

任何想法都会很有帮助。我已经搜索并研究了很长时间,但没有成功。

以下是我的 squid.conf 文件:

acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl work_hours time M T W H F A 8:00-16:00
acl SSL_ports port 443      
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
acl javaupdate dstdomain adobe.com
acl javaupdate dstdomain java.com
acl javaupdate dstdomain sun.com
acl javaupdate dstdomain oracle.com
acl javaupdate dstdomain geotrust.com
acl javaupdate dstdomain symantec.com
acl javaupdate dstdomain javadl-esd-secure.oracle.com
acl jvCONNECT dstdomain adobe.com
acl jvCONNECT dstdomain java.com
acl jvCONNECT dstdomain sun.com
acl jvCONNECT dstdomain oracle.com
acl jvCONNECT dstdomain geotrust.com
acl jvCONNECT dstdomain symantec.com
acl jvCONNECT dstdomain javadl-esd-secure.oracle.com
acl aviraupdate dstdomain personal.avira-update.net
acl aviraupdate dstdomain personal.avira-update.com
acl aviraupdate dstdomain professional.avira-update.net
acl aviraupdate dstdomain professional.avira-update.com
acl kasperskyupdate dstdomain geo.kaspersky.com
acl malwarebytesupdate dstdomain data-cdn.mbamupdates.com
acl malwarebytesupdate dstdomain mbam-cdn.malwarebytes.org
acl avastupdate dstdomain avast.com
acl avCONNECT dstdomain personal.avira-update.net
acl avCONNECT dstdomain personal.avira-update.com
acl avCONNECT dstdomain professional.avira-update.net
acl avCONNECT dstdomain professional.avira-update.com
acl kaspCONNECT dstdomain geo.kaspersky.com
acl mbamCONNECT dstdomain data-cdn.mbamupdates.com
acl mbamCONNECT dstdomain mbam-cdn.malwarebytes.org
acl avstCONNECT dstdomain avast.com
acl denied_domains dstdomain "/etc/squid3/denied_domains.acl"
acl time_denied_domains dstdomain "/etc/squid3/time_denied_domains.acl"
acl denied_files urlpath_regex -i "/etc/squid3/denied_files.acl"
acl time_denied_files urlpath_regex -i "/etc/squid3/time_denied_files.acl"
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
http_access deny to_localhost
http_access deny denied_domains
http_access deny denied_files
http_access deny localnet work_hours time_denied_domains
http_access deny localnet work_hours time_denied_files
http_access deny CONNECT wuCONNECT localnet
http_access deny windowsupdate localnet
http_access allow CONNECT jvCONNECT localnet
http_access allow javaupdate localnet
http_access allow CONNECT avCONNECT localnet
http_access allow CONNECT kaspCONNECT localnet
http_access allow CONNECT mbamCONNECT localnet
http_access allow aviraupdate localnet
http_access allow kasperskyupdate localnet
http_access allow malwarebytesupdate localnet
http_access allow avastupdate localnet
http_access allow localnet
http_access allow localhost
http_access deny all
reply_body_max_size 200 MB windowsupdate
reply_body_max_size 200 MB javaupdate
reply_body_max_size 200 MB aviraupdate
reply_body_max_size 200 MB kasperskyupdate
reply_body_max_size 200 MB malwarebytesupdate
reply_body_max_size 200 MB avastupdate
reply_body_max_size 20 MB localhost
reply_body_max_size 20 MB localnet
http_port 3128 intercept
maximum_object_size 200 MB
cache_dir ufs /var/spool/squid3 50000 16 256
cache_log /var/log/squid3/cache.log
coredump_dir /var/spool/squid3
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i adobe.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i java.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i javadl.oracle.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i oracle.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i sun.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i sdlc-esd.sun.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i geotrust.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i symantec.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i javadl-esd-secure.oracle.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i (avgate|avira).*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|idx|gz|json|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i personal.avira-update.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|idx|gz|json|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i personal.avira-update.net/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|idx|gz|json|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i geo.kaspersky.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|idx|gz|zip) 14400 80% 43200 reload-into-ims
refresh_pattern -i kaspersky.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|idx|gz|avc) 14400 80% 43200 reload-into-ims
refresh_pattern -i data-cdn.mbamupdates.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|idx|gz|ref|conf) 14400 80% 43200 reload-into-ims
refresh_pattern -i mbam-cdn.malwarebytes.org/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip|idx|gz|ref|conf) 14400 80% 43200 reload-into-ims
refresh_pattern ([^.]+.|)avast.com/.*\.(vpu|vpaa) 4320 100% 43200 reload-into-ims
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms) 14400 80% 14400 ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v)) 14400 80% 14400 ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js|jpg|png) 14400 80% 14400 ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 14400 80% 14400 ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 14400 80% 14400 ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .       0   20% 4320
range_offset_limit 200 MB windowsupdate
range_offset_limit 200 MB aviraupdate
range_offset_limit 200 MB javaupdate
range_offset_limit 200 MB kasperskyupdate
range_offset_limit 200 MB malwarebytesupdate
range_offset_limit 200 MB avastupdate
request_body_max_size 20 MB
icp_port 3130
always_direct allow all

非常感谢。任何帮助我都感激不尽。

相关内容