Hello to the community!
I’m encountering a strange issue with the proxy server.
I am using a RED + GREEN configuration with a parent proxy on RED and IPS disabled.
Web traffic with authentication on the parent proxy works perfectly; however, APT does not work at all.
The Ubuntu machines in the GREEN network are correctly configured to use APT, I’m sure of that. I believe the issue is with my proxy.
After running the command sudo apt install ntpdate, I get the following line in the /var/log/squid/access.log file:
4766.384 30016 192.168.0.11 NONE_NONE_ABORTED/000 0 GET http://fr.archive.ubuntu.com/ubuntu/pool/universe/n/ntp/ntpdate_4.2.8p15%2bdfsg-1ubuntu2_amd64.deb - HIER_NONE/- -
If I enter the following URL in a browser: http://fr.archive.ubuntu.com/ubuntu/pool/universe/n/ntp/, the connection works fine without authentication, and if I download a tar file, everything works as expected. However, downloading a .deb file doesn’t work!
Does anyone have an idea how to resolve this blocking issue?
Thank you very much for your suggestions!
Hi, To clarify my previous post, the content filters and file extension filters are not enabled!
Below is an example in the /var/log/squid/access.log file: of manually downloading a .deb file and a .tar.xz file from the same site.
Thank you very much for your suggestions!
Are you sure IPS is not on?
Look in The IPS rules and turn off the ones pertaining to APT.
Hi,
Yes, IPS appears to be stopped!
No filtering url and file extensions!
Any ideas?
Thanks for your suggestions!
Perhaps this may help.
Is the update accelerator enabled? If yes try to disable it.
Thank you very much @hvacguy for your response. I had read that post before posting mine, but it didn’t help me…
Thank you very much @arne_f , it works correctly now!!!
But why?
Is disabling the update accelerator detrimental to performance if I have many computers (>100) on the green area using the proxy?
The accelerator should cache some *.deb files on the IPFire disc at first download and should use the cache if a second client try to fetch the same file.
I fear this is buggy with the currect squid version. Looks like we loose the next proxy feature…
The Update Accelerator is in fact detrimental, if many computers load different files. I don’t remember how exactly the identity of downloads is determined. An item consists of download URL and file name. If the URL or name differs for different clients, each download is made twice ( for the cache and for the client ). These downloads happen simultanious!
Thank you for your responses! I was stuck on this APT issue for a few days! I’m glad to see that the community is so efficient!