[squid-users] Re: adobe updates constantly re-downloading

From: Marko Cupać <marko.cupac_at_mimar.rs>
Date: Wed, 15 May 2013 13:08:30 +0200

On Wed, 15 May 2013 13:30:01 +0300
Volodymyr Kostyrko <c.kworr_at_gmail.com> wrote:

> 15.05.2013 13:17, Marko Cupać:
> > My ~300 users are behind squid-3.2.11. As from 7:00 this morning my 10Mbit/s Internet link is saturated by adobe reader updates:
> >
> > http://armdl.adobe.com/pub/adobe/reader/win/9.x/9.5.2/misc/AdbeRdrUpd952_all_incr.msp
> > http://armdl.adobe.com/pub/adobe/reader/win/9.x/9.5.0/en_US/AdbeRdr950_en_US.exe
> > http://armdl.adobe.com/pub/adobe/reader/win/10.x/10.1.0/en_US/AdbeRdr1010_en_US.msi
> > http://armdl.adobe.com/pub/adobe/reader/win/9.x/9.5.3/misc/AdbeRdrUpd953_all_incr.msp
> >
> > I found IPs of update servers, and as a temporary solution I put them into aclnodstip.acl, and modified squid.conf:
> >
> > acl adobe dst "/usr/local/etc/squid/aclnodstip.acl"
> > ....
> > http_access deny adobe
> >
> > This worked well as a temporary solution, as traffic dropped immediately. Next, I followed:
> >
> > http://wiki.squid-cache.org/SquidFaq/WindowsUpdate
> >
> > I already had following directives:
> >
> > range_offset_limit -1
> > maximum_object_size 8192 MB
> > quick_abort_min -1
> >
> > And now I added regex for adobe:
> > refresh_pattern -i armdl.adobe.com/.*\.(dat|exe|ms[i|p]|upd|dat|zip) 4320 80% 43200 reload-into-ims
> >
> > Unfortunately, after disabling acl and enabling refresh pattern my link got saturated again.
> >
> > Any advice how to cache those adobe updates? Or at least make clients download them once, not constantly re-requesting them without ever completing download successfully.
>
> I did almost the same with http://code.google.com/p/samesite/. It acts
> as a lame configurable proxy that can store any requested file locally.
> It can also join partial downloads so if you are requsting file in small
> chunks only uncached parts would be downloaded.
>
> The same could be done in squid with extra option to ignore ETag (I
> noticed that Microsoft and Adobe seems to misuse it by using different
> ETags for a file on different servers) and ability to reconstruct files
> by requested parts.
>
> --
> Sphinx of black quartz, judge my vow.

If I understood well, there is no such "config line" in squid at the
moment. Or in other words, squid 3.2.11 can not be configured to ignore
Etag. I should either emplement samesite (I rather wouldn't introduce
additional service on my network), or wait for squid developers (I do not
know how to code this) to include this option in some future version.
Is that correct? If not, would someone be kind and give me the config line?

-- 
Marko Cupać
Received on Wed May 15 2013 - 11:08:39 MDT

This archive was generated by hypermail 2.2.0 : Wed May 15 2013 - 12:00:10 MDT