I know this topic has been asked many many times but I have not found a solution that works so I figured I would give it one last kick.
Version 2.5.STABLE5 You will notice I have tried a few things and left some of them commented in my squid.conf which is: acl all src 0.0.0.0/0.0.0.0 #acl microsoft1 url_regex -i c.microsoft.com #acl microsoft2 url_regex -i download.microsoft.com #acl microsoft3 url_regex -i download.windowsupdate.com #acl microsoft4 url_regex -i v4.windowsupdate.microsoft.com #acl microsoft5 url_regex -i v5.windowsupdate.microsoft.com #acl microsoft6 url_regex -i windowsupdate.microsoft.com #acl microsoft7 url_regex -i www.download.windowsupdate.com #acl microsoft8 url_regex -i www.windowsupdate.com acl windowsupdate dstdomain .windowsupdate.microsoft.com acl AuthorizedUsers proxy_auth REQUIRED acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 81 # Autorpm.org acl Safe_ports port 89 # Oracle Technical Forums acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports #http_access allow microsoft1 #http_access allow microsoft2 #http_access allow microsoft3 #http_access allow microsoft4 #http_access allow microsoft5 #http_access allow microsoft6 #http_access allow microsoft7 #http_access allow microsoft8 no_cache deny windowsupdate http_access allow all AuthorizedUsers http_access allow localhost http_access deny all The problem seems to stem from the redirection of standard http over port 80 to https over 443. Microsoft seems to have a client side reg fix discussed in KB271361 which closes with this interesting tidbit: "You may have to use this registry key if you connect by using a proxy server that is handling secure and non-secure requests on the same server. One example of this behavior is the SQUID Proxy Server software. Because Internet Explorer typically caches port information, it may not send a secure request over the correct port number when it tries to send secure and non-secure responses to the same server, but on different port numbers." I tried the reg hack, that did not work either. I also increased my maximum_object_size to the following value: 1048576 KB (which should be big enough for any cab/exe coming from MS. Does anyone have a working squid configuration that actually allows Windows Updates to be successfully downloaded and installed via Internet Explorer? There is also a client side fix by Microsoft discussed in KB271361 which has an interest
