Re: [squid-users] Accelerator thru a firewall

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Thu, 19 Jun 2003 17:29:22 +0200

On Thursday 19 June 2003 16.14, Jason Moreton wrote:
> I have an accelerator box on a DMZ which I wish to forward all http
> and https requests to an internal Exchange box. Do I need to
> define the following in my conf file obviously appended to suit my
> network?
>
> acl INSIDE_IP dst 1.2.3.0/24
> always_direct allow INSIDE_IP
> never_direct allow all
>
> Sorry if this is the second posting having a few issues with
> Hotmail.

The accelerator box should be used as accelerator only.

To forward https requests to Exchange you need to use Squid-3. This
functionality is not supported in Squid-2.5 accelerator mode. It may
be possible with the SSL update to Squid-2.5, but to do this properly
other accelerator-related features of Squid-3 are also needed.

A small Squid-3 accelerator configuration example:

   http_port 80 accel defaultsite=the.official.domain
   https_port 443 accel defaultsite=the.official.domain

   cache_peer ip.of.exchange.server parent 80 0 no-query originserver name=exchange-http
   cache_peer ip.of.exchange.server parent 443 0 no-query originserver ssl name=exchange-https

   acl http protocol http
   cache_peer_access exchange-http allow http

   acl https protocol https
   cache_peer_access exchange-https allow https

   never_direct allow all

Alternatively, if you do not use https on the exchange server, but
wish to do so on the accelerator:

   https_port 443 accel defaultsite=the.official.domain
   
   cache_peer ip.of.exchange.server parent 80 0 no-query originserver front-end-https=auto

   never_direct allow all

If you wish to send different domains to different servers then use
cache_peer_access to control which server is used for which request.

Note: Squid-3 is not yet classified as stable for production use, but
you are welcome to try it out regardless.

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Thu Jun 19 2003 - 09:29:35 MDT
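
The per-domain routing mentioned at the end of the reply, as an added example that is not part of the original message. Hostnames, addresses and peer names are placeholders; the `vhost` option and the `http_access` rules are additions not shown in the reply, included so the accelerator only accepts and forwards requests for the published sites.

```conf
# Added example: two published sites, each sent to its own origin server.
# mail.example.com / intranet.example.com and 192.0.2.x are placeholders.

# vhost makes Squid use the Host header to tell the sites apart;
# defaultsite is used when a request carries no Host header.
http_port 80 accel vhost defaultsite=mail.example.com

# One originserver peer per backend, each with a name to refer to.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=exchange
cache_peer 192.0.2.20 parent 80 0 no-query originserver name=intranet

# The domains this accelerator publishes.
acl mail_site dstdomain mail.example.com
acl intranet_site dstdomain intranet.example.com

# Each peer may only receive requests for its own site.
cache_peer_access exchange allow mail_site
cache_peer_access exchange deny all
cache_peer_access intranet allow intranet_site
cache_peer_access intranet deny all

# Refuse anything that is not one of the published sites, so the box
# cannot be used as a general proxy from the outside.
http_access allow mail_site
http_access allow intranet_site
http_access deny all

# Never contact a destination directly; a request that matches no peer
# fails instead of being fetched from wherever the URL points.
never_direct allow all
```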
