Hello,
does anyone know of the following problem?
My WSUS server 3.0 cannot download Windows 11 patches behind the Nethserver WebProxy.
Strangely enough ≤ 10 patches work.
The patches are probably downloaded differently here.
The problem is this:
Does anyone know how I can allow “HTTP 1.1 range requests” in the Nethserver proxy?
Thank you and best regards,
Tim
Just thought I’d ask have you enabled all the required url exceptions in the proxy
Info on Squid and http 1.1
Also how do you have your proxy setup (i.e., transparent or authenticated)
Also some more info (may or may not apply)
It is likely a due to a change in IIS for ASP.NET applications in how HTTP compression is handled that Microsoft implemented over the past couple of years on its servers.
When a browser makes a request through Squid it often does so using HTTP 1.1 … Squid, however, rewrites the request to use HTTP 1.0 (preserving other headers). In this case, the problem is that the browser requests “Accept-Encoding: gzip, deflate” which isn’t expected in an HTTP 1.0 request. In IIS 7 a configuration option of “NO_COMPRESSION_10” was introduced that disables compression for HTTP 1.0 requests and is enabled by default.
this can cause the request to just timeout with no response.
To fix this you’ll want to strip out that Accept-Encoding header from requests to Windows Update. Here is an untested example for squid.conf (milage may vary):
acl windowsupdate dstdomain .microsoft.com
header_access Accept-Encoding deny windowsupdate
I believe newer versions of Squid require you to do it a bit differently:
acl windowsupdate dstdomain .microsoft.com
reply_header_access Accept-Encoding deny windowsupdate
request_header_access Accept-Encoding deny windowsupdate
One last bit of Info
Thx
My proxy setup: authenticated