[squid-users] Squid Reverse proxy and https

From: Rakesh Jha <rakesh_at_burgan.com>
Date: Wed, 19 May 2010 10:15:39 +0300

Hi experts,

We are running Squid version 2.7.STABLE8 in acceleration mode. What we
want to achieve is that - when the site is accessed through squid
reverse proxy web site should prompt for authentication window. The
authentication request is sent to Active directory by IIS server before
granting further access to the web site.

This work perfectly ok with http - we do http://squid-rev.domain.com, we
get the authentication window and after correctly entering user name
password, we get full access to the site.

Now the problem - when we configure ssl certificate and
https://squid-rev.domain.com we get authentication window and after that
nothing appears on screen.

We tried various options but with no success. Pl help. The Squid.conf is
as following -

acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl all_dst dst
acl all src
acl SSL_ports port 443
http_access allow manager localhost
http_access allow all
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow owa_host
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 80 accel defaultsite=iishost vhost

**** FOR HTTPS Access -
https_port ip-add:443 cert=/path/selfsigned_cert.pem key=/path/key.pem

ssl_unclean_shutdown on
cache_peer iishost parent 80 0 no-query originserver login=PASS
hierarchy_stoplist cgi-bin ?
access_log /usr/local/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_effective_user squid
cache_effective_group squid
visible_hostname squid-Rev
icp_port 3130
coredump_dir /usr/local/squid/var/cache

Thanks & regards,
Rakesh Jha
Any non-official business related views, opinions and other information presented in this electronic mail
are solely those of the sender/author.
Burgan Bank does not endorse or accept responsibility for their opinions. If you are not the addressed
indicated in this mail or responsible for delivering this message to the intended,
you should delete this message and notify the sender immediately.
Burgan Bank S.A.K
Received on Wed May 19 2010 - 07:15:57 MDT

This archive was generated by hypermail 2.2.0 : Wed May 19 2010 - 12:00:06 MDT