Our Windows servers access the internet through a Squid HTTP proxy. This is done because some of them are IPv6-only, and a proxy enables them to reach content on the old internet, such as Windows Update, CRL/OCSP URLs, etc.

If we're using a proxy anyway, this is the perfect place to carefully allow what can be accessed from the big bad internets.

So we have a few ACL lines, based on

Since 11 Feb 2015 one of our Windows 2008 R2 boxes started to receive redirects from

So a HEAD request to this URL:


was redirected to:


That wasn't in the access list, so it was rejected.

After some searching I concluded that this is a legitimate redirect.

Based on what BITS requested so far:


I've come up with this ACL:


dstdom_regex ^ic\.91000226\.[0-9a-z]{6}\.1\.msftsrvcs\.vo\.llnwi\.net$


Let's see how that goes.
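A quick way to check what the pattern above admits before loading it into the proxy, as an added example that is not part of the original post. It assumes `grep -E` is an acceptable stand-in for Squid's regex matching; the hostnames and the `LOOSE` comparison pattern are constructed for illustration.

```bash
#!/usr/bin/env bash
# Pattern copied verbatim from the ACL line on this page.
STRICT='^ic\.91000226\.[0-9a-z]{6}\.1\.msftsrvcs\.vo\.llnwi\.net$'
# Constructed comparison: same pattern with the anchors dropped and the
# dots left unescaped, to show what each of those details is doing.
LOOSE='ic.91000226.[0-9a-z]{6}.1.msftsrvcs.vo.llnwi.net'

# matches PATTERN HOST: exit status 0 if HOST matches PATTERN as a POSIX ERE.
matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# verdict PATTERN HOST: print "allow" or "deny" for one hostname.
verdict() {
    if matches "$1" "$2"; then echo allow; else echo deny; fi
}

# Constructed hostnames (not taken from proxy logs):
#   1. the expected shape, six-character variable label
#   2. expected name used as a prefix of a longer hostname
#   3. extra characters in front of the expected name
#   4. a literal dot replaced by another character
#   5. seven-character variable label
HOSTS='ic.91000226.0a1b2c.1.msftsrvcs.vo.llnwi.net
ic.91000226.0a1b2c.1.msftsrvcs.vo.llnwi.net.example.invalid
xic.91000226.0a1b2c.1.msftsrvcs.vo.llnwi.net
ic.91000226.0a1b2c.1.msftsrvcsxvo.llnwi.net
ic.91000226.0a1b2c3.1.msftsrvcs.vo.llnwi.net'

# report: print one row per hostname with the verdict of each pattern.
report() {
    printf '%-62s %-7s %s\n' HOST STRICT LOOSE
    for h in $HOSTS; do
        printf '%-62s %-7s %s\n' "$h" \
            "$(verdict "$STRICT" "$h")" "$(verdict "$LOOSE" "$h")"
    done
}

report
```

Only the first hostname passes the anchored pattern; the loose variant also passes hostnames 2 to 4, which is why the `^`, `$` and `\.` in the ACL should stay as they are if the pattern is later widened.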

