Fwd: [squid-users] reverse proxy problems

i've asked to be removed countless times. here's another message that
i didn't want. it's really not that hard to remove somebody is it...

This is a forwarded message
From: "Ehrhardt, Jörg" <JEhrhardt@IhrPlatz.de>
To: squid-users@squid-cache.org
Date: Wednesday, January 28, 2004, 5:53:05 AM
Subject: [squid-users] reverse proxy problems

===8<==============Original message text===============
Hi,

I have problems with authentication querys over squid.

This is what I have to do.

The Clients will connect to www.abc.com, which is pointing to rProxy1 in the DMZ1.
rProxy1 will forward all to rProxy2 (Port 80) standing in the DMZ2.
rProxy2 will forward to www.def.com:8000

Internet --www.abc.com--> Firewall ---> rProxy1 (Port80) ---> rProxy2(Port 80) ---www.def.com---> SAP (Port8000)

My problem is, that a client connection request starts ususal with a pop-up window with an account query.
But unlike a direct connection the account information seems not
The server asks two more times for the account information and then serves a standard webpage.

All I see in the logs is the GET from the client to www.def.com.

I see also the conncetion request of the client in the log of the webserver. The webserver is answering with the account query but gets no response of the client.
Instead of that the webserver gets another connection request of the client

Log rProxy1:
145.x.x.x TCP_MISS/401 471 GET http://www.abc.com - FIRST_UP_PARENT/192.168.212.2 text/html

Log rProxy2:
192.168.212.1 TCP_MISS/401 384 GET http://www.def.com:8000 - FIRST_PARENT_UP/194.xxx.xxx.xxx text/html

That´s all :-(

Anyone out there with a clue/solution?

Please it is urgent, the managers are already standing behind my back ;-)

Thanks in advance
Joerg

Here is my configuration:

rProxy1:
WELCOME TO SQUID 3.0-PRE3-20040126
http_port 80 vhost accel
cache_peer 192.168.212.2 parent 8000 0 name=t1.def.com
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl SquidAdmin src 192.168.215.18
acl alienhost dst 80.xxx.xxx.xxx
acl http proto http
acl http proto https
acl alienport port 80
acl alienport port 443
acl shrekhost dst 192.168.160.252
acl shrekhost dst 192.168.212.2
acl shrekdomain dstdomain .def.com
acl shrekdomain dstdomain .abc.com
acl Shrek src 192.168.212.0/255.255.255.252

http_access allow manager localhost
http_access allow manager SquidAdmin
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow alienhost http alienport
http_access allow shrekhost http alienport
http_access allow shrekdomain
http_access deny all

cache_peer_access t1.def.com allow shrekdomain

rProxy2:
http_port 80 vhost accel
cache_peer 194.xxx.xxx.xxx parent 8000 0 name=t2.def.com originserver forceddomain=.def.com proxy-only
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 8000
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl SquidAdmin src 192.168.215.18
acl sapbwhosts1 dst 194.xxx.xxx.xxx
acl sapbwhosts2 dst 194.xxx.xxx.xxx
acl sapbwports1 port 8000
acl sapbwports1 port 8001
acl sapbwports2 port 8120
acl sapbwports2 port 8123
acl alien src 192.168.212.0/255.255.255.252

http_access allow manager localhost
http_access allow manager SquidAdmin
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow sapbwhosts1 sapbwports1
http_access allow sapbwhosts2 sapbwports2
http_access allow alien
http_access deny all

acl my dstdomain .abc.com
acl my dstdomain .def.com
cache_peer_access t2.def.com allow my

===8<===========End of original message text===========

-- 
Best regards,
 mortbox                            mailto:mortbox@gamebox.net