Query about Update Accelerator

Hi all,
I am thinking about deploying IPfire at a client in the near future and have a query or three about Update Accelerator, please. This is for testing and evaluation purposes for the future client.
1: I have two MS PCs on my network, one with Server 2022, one with Windows 11. Will Update Accelerator fetch updates for both?
2: How do the MS PCs get their updates from the IPFire cache as opposed to from the internet? Are there any configuration changes needed on the MS PCs, in order for them to get updates from IPFire instead of the internet?

I’ll try to answer your questions.

  1. MS Updates should work. As far as I can see the updates are fetched via HTTP. So they can be cached by Squid ( the proxy used by IPFire ). Update Accelerator is filter for Squid.

  2. To filter and cache the updates, the clients must use the IPFire proxy for web access. This means configuration via WPAD ( an option of the DHCP server ) and forcing to use the proxy ( direct HTTP connections are not allowed ).

Note, that only HTTP downloads can be cached. A download via HTTPS cannot be cached, because the transfer is initiated inside the encrypted session. Squid and its associated programs aren’t involved. ( see explorations of the HTTPS protocol )

@bbitsch Thank you, Bernhard, for your reply.
1: I understand that MS updates should work, my question is will Update Accelerator retrieve updates for BOTH Server 2022 AND Windows 11? Yes, I am aware that in a few cases the updates are similar, however, there are updates unique to Server 2022.
2: Yes, I am aware of this, that the web proxy must be used, which is currently the case. I have transparent proxy enabled, can I leave it as such or should I disable transparent and configure the clients manually?

I know this is an old conversation, but I wanted you to be aware that if you have only two MS PCs on your entire network, then the Update Accelerator is pointless. The way it is supposed to work is UA will download two copies of each update–one for the first client in need and one for UA to distribute to other clients on the network. If you only have two Windows PCs, it is more efficient to just let them download their updates on their own. The more PCs you have on the network, the more it makes sense to use UA.

1 Like

Microsoft reportedly has also started delivering updates over HTTPs, so they cannot be cached at all.


@bloater99 Thank you, that does make sense. Appreciate the reply.