AW: AW: [squid-users] problems with squid 2.5.Stable7 in accelerator mode with https

From: Glatzel Tino <tino.glatzel@dont-contact.us>
Date: Thu, 30 Dec 2004 11:07:35 +0100

Hello Henrik

Thanks for your help. I have changed my configuration like this:

https_port 192.168.20.10:443 cert=/opt/squid/etc/cert/server.crt key=/opt/squid/etc/cert/server.pem defaultsite=exchange.testnetz.de

I think defaultsite is ok. Before I modified the DNS, the clients
connected to the OWA with "http://exchange.testnetz.de/exchange".

cache_peer 192.168.20.20 parent 80 0 originserver proxy-only no-query no-digest front-end-https=on login=pass

192.168.20.20 is the IP of the Exchange server (exchange.testnetz.de). My
client connects to Squid with https. Squid tries to connect to the Exchange
server on port 443 (https), but my Exchange is listening on port 80:

09:50:50.341989 192.168.10.10.1583 > 192.168.20.20.443: S 2333132721:2333132721(0) win 5840 <mss 1460,sackOK,timestamp 1013352 0,nop,wscale 0> (DF)
09:50:50.342175 192.168.20.20.443 > 192.168.10.10.1583: R 0:0(0) ack 2333132722 win 0

I have found a patch for a similar problem, "cache_peer originserver
connects to wrong port".
If I try to apply this patch, I see the following errors:

squid:/usr/src# ls -la
total 53060
drwxrwsr-x 9 root src 4096 Dec 23 10:49 .
drwxr-xr-x 12 root root 4096 Nov 15 13:17 ..
drwxrwxrwx 14 1012 1012 4096 Aug 16 2003 squid-3.0-PRE3
lrwxrwxrwx 1 root src 14 Dec 22 11:02 squid3 -> squid-3.0-PRE3
squid:/usr/src#patch -p0 < squid-3.0.PRE3-originserver_port.patch
patching file squid3/src/forward.cc
Hunk #1 FAILED at 576.
1 out of 1 hunk FAILED -- saving rejects to file squid3/src/forward.cc.rej
squid:/usr/src#

Is this patch required?

tino

> On Tue, 21 Dec 2004, Glatzel Tino wrote:
>
> > Hello Henrik,
> >
> > I have tested squid-3.0pre3 the last three days, but without success.
> > I access exchange.testnetz.de with the browser of my client with
> > https. I see the authentication dialog, and with netstat -an I see the
> > connections from the client to the squid with port 443. If I press the
> > OK button in the authentication dialog I see a message like: "You will
> > left a secure internetconnection". If I press the OK button a new
> > authentication dialog pops up. At the client I see the connection with
> > port 80 to the squid. My client resolves the name of the Exchange with
> > the IP of the squid. The Squid resolves the name of the Exchange with
> > the real IP address. Squid is compiled with:
> >
> > ./configure --prefix=/opt/squid-3.0-PRE3 --exec-prefix=/opt/squid-3.0-PRE3 --enable-ssl --enable-x-accelerator-vary
> > make
> > make install
> >
> > squid.conf:
> >
> > http_port 192.168.20.10:80 accel defaultsite=exchange.testnetz.de
> >
> > https_port 192.168.20.10:443 accel defaultsite=exchange.testnetz.de protocol=http cert=/opt/squid/etc/cert/server.crt key=/opt/squid/etc/cert/server.pem
>
> Don't use protocol=.. there
>
> And the defaultsite=.. should be the exact name you are requesting in the
> browser, not the actual server name.
>
> If unsure use the vhost option in which case Squid will automatically pick
> up whatever you typed in your browser and forward this to OWA for use when
> rendering links within the OWA application.
>
> > cache_peer exchange.testnetz.de parent 80 0 proxy-only originserver forceddomain=exchange.testnetz.de front-end-https=on
>
> Since you accept both http and https you should use front-end-https=auto
>
> Don't use forceddomain. This is only needed in a very special case
> involving redundant servers needing to be called by their explicit name.
>
> Regards
> Henrik
>
Received on Thu Dec 30 2004 - 03:07:42 MST
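
The review points Henrik makes on the quoted accelerator configuration, written as a small config check. This is an added example, not part of the original thread and not code from the Squid project; the function names, the `requested_host` parameter and the finding strings are assumptions for illustration, and the sample config is constructed from the lines quoted in the thread.

```python
# Constructed sample: the squid-3.0 accelerator lines quoted in the thread.
SAMPLE_CONF = """\
http_port 192.168.20.10:80 accel defaultsite=exchange.testnetz.de
https_port 192.168.20.10:443 accel defaultsite=exchange.testnetz.de protocol=http cert=/opt/squid/etc/cert/server.crt key=/opt/squid/etc/cert/server.pem
cache_peer exchange.testnetz.de parent 80 0 proxy-only originserver forceddomain=exchange.testnetz.de front-end-https=on
"""


def parse(conf):
    """Yield (directive, bare_flags, key=value options) per config line."""
    for raw in conf.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments and blanks
        if not tokens:
            continue
        flags = [t for t in tokens[1:] if "=" not in t]
        opts = dict(t.partition("=")[::2] for t in tokens[1:] if "=" in t)
        yield tokens[0], flags, opts


def lint(conf, requested_host):
    """Return (directive, finding) pairs for the points raised in the reply.

    requested_host is the name users type in the browser (hypothetical
    parameter; the thread only states that defaultsite must match it).
    """
    lines = list(parse(conf))
    # True when the proxy accepts both plain http and https from clients.
    both = {"http_port", "https_port"} <= {name for name, _, _ in lines}
    findings = []
    for name, flags, opts in lines:
        if name in ("http_port", "https_port"):
            if name == "https_port" and "protocol" in opts:
                findings.append((name, "remove protocol="))
            # vhost makes Squid take the name from the request instead.
            if "vhost" not in flags and opts.get("defaultsite") != requested_host:
                findings.append((name, "defaultsite is not the requested name"))
        elif name == "cache_peer" and "originserver" in flags:
            if "forceddomain" in opts:
                findings.append((name, "remove forceddomain="))
            if both and opts.get("front-end-https") == "on":
                findings.append((name, "use front-end-https=auto"))
    return findings


if __name__ == "__main__":
    for directive, finding in lint(SAMPLE_CONF, "exchange.testnetz.de"):
        print(f"{directive}: {finding}")
```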