RE: [squid-users] Inbound and Outbound proxy on same machine

From: Michael St. Laurent <mikes_at_hartwellcorp.com>
Date: Wed, 11 Jun 2008 10:18:56 -0700

> Michael St. Laurent wrote:
> > I'm trying to run an Inbound and Outbound proxy on the same machine.
> > The inbound is to serve OWA pages and I'm following the
> instructions in
> > the Wiki
> >
> (http://wiki.squid-cache.org/ConfigExamples/SquidAndOutlookWebAccess).
> > If I try to start a separate process for the Inbound it
> complains that
> > Squid is already running. If I try to merge the Inbound
> config into the
> > same file as the Outbound config then the Outbound proxy
> stops working
> > (browser gets error: Forwarding Denied - This cache will
> not forward
> > your request because it is trying to enforce a sibling
> relationship.)
>
> All current versions of Squid permit multiple http_port
> entries, and can
> be configured as multi-mode proxies.
>
> All you need to do is place the OWA config at the top of squid.conf,
> drop the final "http_access deny all" from the OWA demo
> settings, then
> follow them up with a second section for the general outbound proxy
> settings.
>

I moved the config lines to the top (after a few comments but before any
other configuration lines) but my outbound connections still get the
"Forwarding Denied" error when I have the lines uncommented. I'm using
Squid 2.6.STABLE6 on a CentOS-5 system.

Here are the config lines which I'm adding (note that I'm leaving the
deny lines commented out):

# acceleration mode for inbound proxy

https_port <pub-ip>:443 cert=/etc/pki/tls/certs/squid-new.pem
defaultsite=<owa-FQDN>

cache_peer <owa-ip> parent 80 0 no-query originserver login=PASS
front-end-https=on name=<owa-FQDN>

acl OWA dstdomain <owa-FQDN>
cache_peer_access <owa-FQDN> allow OWA
never_direct allow OWA

# lock down access to only query the OWA server!
http_access allow OWA
#http_access deny all
miss_access allow OWA
#miss_access deny all
Received on Wed Jun 11 2008 - 17:19:50 MDT

This archive was generated by hypermail 2.2.0 : Thu Jun 12 2008 - 12:00:04 MDT