Re: [squid-users] Squid reverse proxy problem (HTTPS to HTTP) from Amos Jeffries on 2008-10-01 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Wed, 01 Oct 2008 22:14:57 +1300

Russell Phillips wrote:
> Hi list,
>
> I'm trying to set up a squid reverse proxy for an Outlook Web Access
> webmail server. I want the connection to squid to be encrypted with SSL,
> but the connection to the web server to be simple HTTP, ie:
>
> client_browser <---HTTPS---> squid <---HTTP---> outlook_web_access
>
> Below is the config that I currently have on squid:
>
> ---------------------------------------
> https_port 1.2.3.4:443 cert=/etc/shv-ssl/CertAuth/testcert.cert
> key=/etc/shv-ssl/CertAuth/testkey.pem
> cache_peer 10.0.0.1 parent 80 0 no-query originserver login=PASS
> front-end-https=on name=OWA
>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl CONNECT method CONNECT
>
> # Deny requests to unknown ports
> http_access deny !SSL_ports
> # Deny CONNECT to other than SSL ports
> http_access deny CONNECT !SSL_ports
>
> visible_hostname reverse-proxy.example.com
>
> cache_access_log /var/log/squid/reverse-access.log
> cache_log /var/log/squid/reverse-cache.log
> cache_store_log /var/log/squid/reverse-store.log
> ---------------------------------------
>
> I was getting errors telling me that the access was denied due to ACL
> rules, but now I'm getting:
>
> ---------------------------------------
> The following error was encountered:
>
> * Invalid Request
>
> Some aspect of the HTTP Request is invalid. Possible problems:
>
> * Missing or unknown request method
> * Missing URL
> * Missing HTTP Identifier (HTTP/1.0)
> * Request is too large
> * Content-Length missing for POST or PUT requests
> * Illegal character in hostname; underscores are not allowed
> ---------------------------------------
>
> The squid access log has the following entry:
> ---------------------------------------
> 1222780606.494 46 83.67.67.3 TCP_DENIED/400 1586 GET
> error:invalid-request - NONE/- text/html
> ---------------------------------------
>
> Can anyone give me any idea of where I'm going wrong?
>

http://wiki.squid-cache.org/ConfigExamples/SquidAndOutlookWebAccess

The example has to be followed almost exactly to get around OWA bugs and
design issues.

Amos

-- 
Please use Squid 2.7.STABLE4 or 3.0.STABLE9

Received on Wed Oct 01 2008 - 09:15:07 MDT

This archive was generated by hypermail 2.2.0 : Wed Oct 01 2008 - 12:00:03 MDT