RE: [squid-users] Redirecting Windows Update

You are both right.

Yes, if you attempt to impersonate the Windows update site it will not
work.

Yes, you can redirect a request for windowsupdate.microsoft.com to
sus.mydomain.com and let them use that for updates, so long as you don't
try to impersonate the Windows Update site.

My suggestion would be to use SquidGuard to redirect these users to a
page explaining that they should use the SUS site instead. This will
work just fine.

-----Original Message-----
From: Serassio Guido [mailto:guido.serassio@acmeconsulting.it]
Sent: Saturday, February 21, 2004 2:14 PM
To: Scott Phalen; squid-users@squid-cache.org
Subject: RE: [squid-users] Redirecting Windows Update

Hi,

At 20.08 21/02/2004, Scott Phalen wrote:

>My original question is dealing with SQUID. All I am asking here is
>can a URL be redirected?
>I have been running MSUS for almost a year now. I TOO KNOW HOW IT
WORKS!
>75% of my clients are configured to get updates from my two servers.
>The other 25% go directly to Microsoft.
>Security Features in the Software Update Services solution
> Software Update Services. A server running SUS can download packages
>from either the public Microsoft Windows Update servers or from another

>server running SUS. During any of these downloads, there is no
>server-to-server authentication carried out. All content downloaded by
>SUS is signed by Microsoft. SUS does not trust any content that is not
>signed or is incorrectly signed. Since SUS 1.0 Service Pack 1 supports
>only Windows critical updates and security rollups, all content is
>checked to see that it has a been correctly signed by Microsoft.
> Automatic Updates client. The Automatic Updates client can download
>packages from either the public Windows Update site or from a server
>running SUS. Before installing any packages that have been downloaded,
>SUS checks to confirm that the package has been signed by Microsoft. If

>the package is not correctly signed, it will not be installed.

Ok, You say that You know all, so You don't need any recommendations
from me ... :-)

So, please try an let to know to the list if You are right.

Regards

Guido

-
========================================================
Guido Serassio
Acme Consulting S.r.l.
Via Gorizia, 69 10136 - Torino - ITALY
Tel. : +39.011.3249426 Fax. : +39.011.3293665
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/

--
This message has been scanned for viruses and dangerous content by
MailScanner, and is believed to be clean.