RE: [squid-users] forward and reverse through one system

From: Alan Lehman <alehman_at_gbateam.com>
Date: Sun, 8 Feb 2009 11:35:53 -0600

Amos,
See responses to your questions below.
Thanks.

> > I have one instance of squid configured for forward web proxy and
> > accelerator for OWA (per the wiki). In order for users to avoid changing
> > their proxy settings, I need the forward proxy to be able to access OWA
> > going out and back in as follows:
> >
> > Host on internal net -> forward proxy -> accelerator -> OWA server on
> > internal net
> >
> > It seems like this should work. When I try to access OWA from an
> > internal host, the browser hangs and the following eventually appears in
> > access.log:
> >
> > 1233516965.141 12567 [internal host IP] TCP_MISS/000 0 CONNECT
> > owa.domain.com:443 - FIRST_UP_PARENT/[owa server IP] -
> >
> > Any ideas would be most appreciated.
> >
> > Thanks,
> > Alan
> >
>
> (Assuming you have squid-2.6 or later)

3.1.0.3
>
> The basic config:
>
> You can multi-mode squid. Ensure that the reverse-proxy settings are all
> at the top of the squid.conf and any forward-proxy settings are following
> at the bottom.
> Also, the "http_access deny all" detailed to finish the reverse-proxy
> config gets removed so that on non-reversed requests squid can drop
> through and run the forward-proxy settings.

Yup. That's the way it is. My complete config is posted on bug 2572.
>
> Specific to your loop-back problem:
>
> You need to adjust your reverse-proxy configuration to block the CONNECT
> method being used to access the peers.

Sorry, but can you elaborate on this?
>
> Then check that the domain IP Squid resolves owa.domain.com to is its own
> listening https_port.

It does: a.b.c.96
>
> Amos
>

Received on Sun Feb 08 2009 - 17:41:47 MST
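
Added example, not part of the original thread and not Squid project code: a Python script that scans native-format access.log lines for the symptom quoted above, a CONNECT request that Squid handed to a cache_peer instead of tunnelling directly. The sample lines, the documentation-range IP addresses and the function name `peer_connects` are constructed for illustration.

```python
import re

# Squid native access.log fields:
# time elapsed client code/status bytes method URL ident hierarchy/peer type
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<ident>\S+)\s+"
    r"(?P<hier>[A-Z_]+)/(?P<peer>\S+)\s+(?P<mime>\S+)\s*$"
)

# Constructed sample; the first line mirrors the entry in the thread,
# with placeholder addresses in place of the redacted ones.
SAMPLE_LOG = """\
1233516965.141  12567 192.0.2.10 TCP_MISS/000 0 CONNECT owa.domain.com:443 - FIRST_UP_PARENT/192.0.2.96 -
1233516970.002    310 192.0.2.11 TCP_MISS/200 4512 CONNECT www.example.com:443 - DIRECT/198.51.100.7 -
1233516971.500     45 192.0.2.10 TCP_MISS/200 1820 GET http://www.example.com/ - DIRECT/198.51.100.7 text/html
1233516980.250    120 203.0.113.5 TCP_MISS/200 9001 GET https://owa.domain.com/owa/ - FIRST_UP_PARENT/192.0.2.96 text/html
"""

def peer_connects(lines):
    """Return CONNECT entries that Squid forwarded to a cache_peer."""
    hits = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip blank lines and non-native log formats
        entry = m.groupdict()
        # Hierarchy codes naming a parent or sibling mean a peer was used.
        via_peer = "PARENT" in entry["hier"] or "SIBLING" in entry["hier"]
        if entry["method"] == "CONNECT" and via_peer:
            # Status 000 with 0 bytes: the tunnel never carried a reply.
            entry["stalled"] = entry["status"] == "000" and entry["bytes"] == "0"
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for e in peer_connects(SAMPLE_LOG.splitlines()):
        print(f'{e["client"]} CONNECT {e["url"]} via {e["hier"]}/{e["peer"]} '
              f'elapsed={e["elapsed"]}ms stalled={e["stalled"]}')
```

Only the forward-proxy CONNECT routed to the peer is reported; the reverse-proxy GET to the same peer and the direct CONNECT are expected traffic and are ignored.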