RE: [squid-users] Noob - OWA - Squid3 - SSL

From: Alex Zlaten <alex@dont-contact.us>
Date: Thu, 10 Jun 2004 08:04:40 -0500

Thanks for your help Derek.
I have everything running.

Now I get to the exchange server and I authenticate.
OWA starts to load (I see the frames) then the content in each frame
cannot be displayed.

I looked at the page source, and the BASE href is in the http://
protocol.
This is what the front-end-https=on|auto is supposed to take care of,
right?
Is there a way I can determine if squid is passing the Front-End_HTTPS:
on header?

This is from my access.log
1086871170.741 79 client.ip TCP_MISS/401 324 GET http://exchange.domain.com/exchange/ - DIRECT/exchange.ip text/html
1086871184.340 71 client.ip TCP_MISS/200 1072 GET http://exchange.domain.com/exchange/ - DIRECT/exchange.ip text/html

Any ideas?

Thanks
-Alex
-----Original Message-----
From: Derek Winkler [mailto:dwinkler@algorithmics.com]
Sent: Wednesday, June 09, 2004 2:33 PM
To: squid-users@squid-cache.org
Subject: RE: [squid-users] Noob - OWA - Squid3 - SSL

You only need to modify the cache_peer line, I believe...

cache_peer exchange.domain.com parent 80 0 no-query proxy-only originserver login=PASS

It's very important that squid listen on port 443 since the OWA server
will not return port number in the URLs.

You may also need to use some other owa specific option, can't remember
what it was, tells the OWA server that there's a HTTPS proxy in front of
it so that it will return https URLs.

Found it, front-end-https=auto.

So it's...

cache_peer exchange.domain.com parent 80 0 no-query proxy-only originserver login=PASS front-end-https=auto

...maybe, give it a try.

> -----Original Message-----
> From: Alex Zlaten [mailto:alex@reiusa.net]
> Sent: Wednesday, June 09, 2004 3:21 PM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] Noob - OWA - Squid3 - SSL
>
>
> Derek,
>
> Thanks for the response.
> In your conf, it seems that you are communicating with the exchange
> server via ssl port 443. I want squid to listen on 443 with https then
> retrieve the pages from exchange on 80 with http.
> I understand this is a major reason to use the pre-release of
> version 3.
>
> Is this how I would do that?:
> https_port 3129 accel defaultsite=exchange.domain.com cert=/usr/local/squid/etc/squid.pem protocol=http
> cache_peer exchangeIP parent 80 0 no-query originserver front-end-https=on login=PASS name=exchange-https
>
> Alex
> -----Original Message-----
> From: Derek Winkler [mailto:dwinkler@algorithmics.com]
> Sent: Wednesday, June 09, 2004 1:34 PM
> To: squid-users@squid-cache.org
> Subject: RE: [squid-users] Noob - OWA - Squid3 - SSL
>
>
> Remember externally for testing exchange.domain.com should point to the
> squid server, the squid server itself should be able to resolve
> exchange.domain.com to the actual owa server.
>
> For testing you can make an entry in your workstation host file to point
> exchange.domain.com to the squid server.
>
> The squid server will actually listen on port 443, no need to specify
> port. This is important since the OWA server doesn't specify a port.
>
> Here's my config which worked.
>
> visible_hostname whatever.domain.com
> cache_mgr whoever@domain.com
>
> https_port 443 cert=/opt/squid/etc/certificate.crt key=/opt/squid/etc/private.key cafile=/opt/squid/etc/cacert.crt defaultsite=exchange.domain.com
>
> cache_peer exchange.domain.com parent 443 0 no-query ssl proxy-only originserver login=PASS sslflags=DONT_VERIFY_PEER
>
> debug_options ALL,3
>
> ssl_unclean_shutdown on
>
> acl owa-exchange urlpath_regex \/exchange(\/|$)
> acl owa-webid urlpath_regex \/WebID\/
>
> acl all src 0.0.0.0/0.0.0.0
> acl all-dst dst 0.0.0.0/0.0.0.0
> acl owa-host dst XXX.XXX.XXX.XXX/255.255.255.255
>
> http_access allow owa-host owa-exchange
> http_access allow owa-host owa-webid
> http_reply_access allow all-dst
> http_access deny all
> http_access deny all-dst
>
> > -----Original Message-----
> > From: Alex Zlaten [mailto:alex@reiusa.net]
> > Sent: Wednesday, June 09, 2004 2:19 PM
> > To: squid-users@squid-cache.org
> > Subject: [squid-users] Noob - OWA - Squid3 - SSL
> >
> >
> > Hi,
> > I have been working with squid 3 for a few days now, I don't want to
> > bother you guys with questions that have already been answered a
> > million times but here goes.
> > Is there a good post of a squid.conf for using squid3 as an SSL
> > front-end?
> >
> > Does the URL in the browser have to be the FQDN of the exchange server
> > or does squid take care of the url translation?
> > Example:
> >
> > Squid server: https://10.0.0.1:3129
> > Exchange server (from https_port in conf): exchange.domain.com
> >
> > Can I go to https://10.0.0.1:3129/exchange to communicate with
> > http://exchange.domain.com/exchange ? Or do I have to have DNS point
> > to my squid server as exchange.domain.com?
> >
> > Here are the changes to the default squid.conf I am using:
> >
> > https_port 3129 accel defaultsite=exchange.domain.com cert=/usr/local/squid/etc/squid.pem protocol=http
> > cache_peer exchangeIP parent 80 0 no-query originserver front-end-https=on login=PASS name=exchange-https
> > cache_peer_access exchange-https allow http
> > always_direct allow all
> > acl http proto http
> > cache_peer_access exchange-https allow http
> >
> > Currently, if I go to https://10.0.0.1:3129 I get whatever is in the
> > root of my exchange server (iis Under construction). If I go to
> > https://10.0.0.1:3129/exchange, I get the Basic Authentication Login.
> > After entering the login it says I'm leaving secure connection then I
> > get page cannot be displayed.
> >
> > Thank you for any help.
> > Alex Zlaten
> >
> >
> >
>
Received on Thu Jun 10 2004 - 07:04:36 MDT
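
Added example, not part of the original thread and not Squid's own code: a small Python check over cache_peer lines like the ones posted above, using the Squid 3 option names that appear in this thread. It flags a TLS peer whose certificate is not verified, login=PASS credentials forwarded to a plain-HTTP peer, and an https_port front end whose plain-HTTP origin peer lacks front-end-https; the function names and finding labels are assumptions made for this example.

```python
# Added example: audit cache_peer directives like the ones posted in this thread.
# Function names and finding labels are made up for this illustration.

def parse_cache_peers(conf_text):
    """Return one dict per cache_peer line: host, port and an option map."""
    peers = []
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        # cache_peer <host> <type> <http-port> <icp-port> [options...]
        if len(tokens) < 5 or tokens[0] != "cache_peer":
            continue
        opts = {}
        for tok in tokens[5:]:
            key, _, value = tok.partition("=")
            opts[key] = value
        peers.append({"host": tokens[1], "port": int(tokens[3]), "opts": opts})
    return peers

def audit(conf_text):
    """Return sorted (peer host, finding) pairs for risky peer settings."""
    fronted_by_tls = any(line.split()[:1] == ["https_port"]
                         for line in conf_text.splitlines())
    findings = []
    for peer in parse_cache_peers(conf_text):
        opts, host = peer["opts"], peer["host"]
        encrypted = "ssl" in opts
        if encrypted and "DONT_VERIFY_PEER" in opts.get("sslflags", "").split(","):
            # TLS to the peer without checking whose certificate it is.
            findings.append((host, "peer-cert-not-verified"))
        if not encrypted and opts.get("login") == "PASS":
            # Client credentials travel to the peer over plain HTTP.
            findings.append((host, "credentials-over-http"))
        if (fronted_by_tls and not encrypted and "originserver" in opts
                and "front-end-https" not in opts):
            # OWA is not told about the HTTPS front end and builds http:// URLs.
            findings.append((host, "no-front-end-https"))
    return sorted(findings)

# Directives taken from the thread, joined onto one line (https_port shortened).
LISTEN = "https_port 443 cert=/opt/squid/etc/certificate.crt defaultsite=exchange.domain.com\n"
TLS_PEER = LISTEN + ("cache_peer exchange.domain.com parent 443 0 no-query ssl proxy-only "
                     "originserver login=PASS sslflags=DONT_VERIFY_PEER\n")
HTTP_PEER = LISTEN + ("cache_peer exchange.domain.com parent 80 0 no-query proxy-only "
                      "originserver login=PASS\n")

if __name__ == "__main__":
    for name, conf in (("TLS peer", TLS_PEER), ("HTTP peer", HTTP_PEER)):
        print(name, audit(conf))
```
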
