[squid-users] Re: help with config file for OWA 2003 reverse proxy setup

From: Martin Burke <itsmarty@dont-contact.us>
Date: Thu, 17 Mar 2005 07:50:59 -0500

On Thu, 17 Mar 2005 00:59:44 -0500, Martin Burke <itsmarty@gmail.com> wrote:
> I have 3.0-PRE3 running now, but the OWA login prompt doesn't accept
> my credentials. The entry in the access log is:
>
> "GET https://testmail.ncmec.org/exchange/ HTTP/1.1" 401 405
> TCP_MISS:FIRST_UP_PARENT
>
> My connections using 2.5 always showed http rather than https, if
> that's relevant.
>
> The setup is reverse-proxy listening on 443 and talking to OWA on 80.
>

Is the connection now ssl on both sides (from the client to the
reverse proxy and then from the reverse proxy to the webserver)?

If so, can I use 443 on both, or do I need to set up the webserver to
accept ssl on 80?

> My config file is as follows:
>
> visible_hostname testmail.ncmec.org
> https_port 443 defaultsite=testmail.ncmec.org
> cert=/etc/squid/webmail.crt key=/etc/squid/webmail.key
>
> cache_peer 172.25.4.51 parent 80 0 no-query originserver front-end-https=auto

The other suggestions I've seen for a config file for this arrangement are:

proxy-only
login=PASS
never_direct allow all
header_access Accept-Encoding deny all

I've added them one by one, and since putting in login=PASS, I get
past the login prompt but am back to the old situation of seeing two
frames with no data.

My cache_peer line now looks as follows:

cache_peer 172.25.4.51 parent 80 0 no-query proxy-only originserver
front-end-https=auto login=PASS

>
> hosts_file /etc/squid/hosts
>
> http_port 127.0.0.1:8080
>
> acl acl_testmail dstdomain testmail.ncmec.org
> http_access allow acl_testmail
>
> acl to_index urlpath_regex /$
> acl to_favicon urlpath_regex /favicon.ico$ acl to_exchange
> urlpath_regex /exchange http_access allow to_index http_access allow
> to_favicon http_access allow to_exchange
>
> acl all src 0.0.0.0/0.0.0.0
> http_access deny all
>
> Thanks for any assistance provided,
>
> Martin Burke
> National Center for Missing & Exploited Children
> 699 Prince St
> Alexandria, VA 22314
>
Received on Thu Mar 17 2005 - 05:51:06 MST

This archive was generated by hypermail pre-2.1.9 : Fri Apr 01 2005 - 12:00:02 MST