RE: [squid-users] RE: reverse proxy problem from Bas van den Dikkenberg on 2009-05-26 (squid-users)

From: Bas van den Dikkenberg <b.vd.dikkenberg_at_quaere.nl>
Date: Tue, 26 May 2009 08:19:23 +0200

Hi amos,

Even after adding the suggested line it still don't work

When i try to login I doesn't work in the log I see this messages:

1243318420.671 62 84.245.31.147 TCP_MISS/302 342 POST
https://extranet.dikkenberg.net/tas/secure/j_security_check;jsessionid=7
zzBU3-8Cqw1-CdYVB2 - FIRST_UP_PARENT/q-services -

When try the same thing but internally it works, is it possebol the
website still try's
to communicate directly with the client?

Our network scheme looks like this:

Webaplication -- DMZ > squid reverse proxy -- internet> client on the
web

Thanks for the help

-----Oorspronkelijk bericht-----
Van: Amos Jeffries [mailto:squid3_at_treenet.co.nz]
Verzonden: dinsdag 26 mei 2009 6:06
Aan: Bas van den Dikkenberg
CC: Bas van den Dikkenberg; squid-users_at_squid-cache.org
Onderwerp: Re: [squid-users] RE: reverse proxy problem

>
>
> Hello,
>
>
> I have build squid reverse proxy, for an web application called
topdesk..
>
> At first I get starting page but when I login I get some error's
>
> Can some one please help and tell me what is going wrong ??
>
> See log and config files below:
>
> Squid is version squid-2.7.STABLE6 is running on windows 2003 server.
>
>
> With kind regards,
>
>
> Bas van Den dikkenberg
>
>
>
> The log file:
>
> 1243256982.937 0 84.245.31.147 TCP_MEM_HIT/200 3089 GET
> https://extranet.dikkenberg.net/tas/css/login.css? - NONE/- text/css
> 1243256983.015 0 84.245.31.147 TCP_MEM_HIT/200 5305 GET
> https://extranet.dikkenberg.net/tas/tasimage/login/logo-prof-4.gif -
> NONE/- image/gif
> 1243256983.015 0 84.245.31.147 TCP_MEM_HIT/200 5100 GET
> https://extranet.dikkenberg.net/tas/tasimage/login/login.jpg? - NONE/-
> image/jpeg
> 1243256983.031 0 84.245.31.147 TCP_MEM_HIT/200 529 GET
> https://extranet.dikkenberg.net/tas/tasimage/login/loginbar.gif -
NONE/-
> image/gif
> 1243256983.171 0 84.245.31.147 TCP_MEM_HIT/200 5731 GET
> https://extranet.dikkenberg.net/favicon.ico - NONE/- -
> 1243256989.031 16 84.245.31.147 TCP_MISS/302 342 POST
>
https://extranet.dikkenberg.net/tas/secure/j_security_check;jsessionid=7
zzBU3-8Cqw1-erXS02
> - FIRST_UP_PARENT/q-services -
> 1243258530.734 16 84.245.31.147 TCP_MISS/302 380 GET
>
https://extranet.dikkenberg.net/tas/secure/j_security_check;jsessionid=7
zzBU3-8Cqw1-erXS02
> - FIRST_UP_PARENT/q-services -
>

None of these are errors. They are successful HITS or IMS requests.
Any error that is occuring amid those requests is likely to be a browser
failure to handle a URL so it never gets passed to Squid.

>
> My config looks like this:
>
> http_port 80 accel defaultsite=extranet.quaere.nl vhost
> https_port 443 accel defaultsite=extranet.dikkenberg.net vhost
> cert=C:/squid/etc/extranet.dikkenberg.net.crt
> key=C:/squid/etc/extranet.dikkenberg.net.key
> defaultsite=extranet.dikkenberg.net
>
>
> forwarded_for on
>
>
>
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
>
> cache_peer 192.168.0.55 parent 80 0 no-query no-digest originserver
> name=q-services login=PASS
> acl sites_q-services dstdomain extranet.quaere.nl
extranet.dikkenberg.net
> acl our_sites2 dstdomain extranet.quaere.nl extranet.dikkenberg.net
> cache_peer_access q-services allow sites_q-services

Missing:
http_access allow sites_q-services

>
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
>

... ah here it is, but with a different name.
You may as well merge the two ACLs sites_q-services and our_sites2 into
one name. They are identical.

> http_access allow our_sites2
> http_access allow manager all
> http_access allow manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny all
>
>
>
> access_log c:/squid/var/logs/access.log squid
> cache_mgr support_at_quaere.nl
>
>
>
>
Received on Tue May 26 2009 - 06:19:42 MDT

This archive was generated by hypermail 2.2.0 : Wed May 27 2009 - 12:00:02 MDT