[squid-users] I have a problem reverse squid3 for Exchange for RPC two domain

From: frederic lubrano <frederic.lubrano_at_gmail.com>
Date: Wed, 7 Sep 2011 18:16:21 +0200

Hello,

I have a problem with my reverse squid3 configuration for Exchange
RPC; everything goes well when I have only one reverse proxy:

1314872037.795 58450 82.20.10.245 TCP_MISS/200 2528 RPC_OUT_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr application/rpc
1314872037.795 52619 118.68.25.162 TCP_MISS/000 0 RPC_IN_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr -
1314872037.795 52963 88.14.18.98 TCP_MISS/000 0 RPC_IN_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr -
1314872037.795 52823 88.14.18.98 TCP_MISS/200 12128 RPC_OUT_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr application/rpc
1314872037.795 52196 88.14.18.98 TCP_MISS/200 3152 RPC_OUT_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr application/rpc
1314872037.796 52352 88.14.18.98 TCP_MISS/504 0 RPC_IN_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr text/html
1314872037.796 51433 118.68.25.162 TCP_MISS/200 1540 RPC_OUT_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr application/rpc
1314872037.796 40253 92.90.23.30 TCP_MISS/000 0 POST
https://rpc.exemple1.fr/Microsoft-Server-ActiveSync? -
FIRST_UP_PARENT/echmes03.exemple1.fr -
1314872037.796 37657 90.84.146.225 TCP_MISS/000 0 RPC_IN_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr -
1314872037.796 37187 90.84.146.225 TCP_MISS/200 644 RPC_OUT_DATA
https://rpc.exemple1.fr/rpc/rpcproxy.dll? -
FIRST_UP_PARENT/echmes03.exemple1.fr application/rpc

Otherwise, we need to use the reverse Squid for another domain; here
is the extract of the squid.conf config file:

etc/squid3# cat squid.conf
extension_methods RPC_IN_DATA RPC_OUT_DATA

redirect_rewrites_host_header off
visible_hostname none

icp_port 0

https_port 442 accel cert=/clusterdata/etc/ssl/certs/exemple1.fr.pem key=/clusterdata/etc/ssl/private/exemple1.fr.key defaultsite=rpc.exemple1.fr vhost

cache_peer echmes03.exemple1.fr parent 443 0 no-query no-digest originserver login=PASS front-end-https=on ssl sslflags=DONT_VERIFY_PEER forceddomain=echmes03.exemple1.fr name=exchangeServer

acl EXCH dstdomain rpc.sogreah.fr
acl EXCH dstdomain echmes03.exemple1.fr
acl EXCH dstdomain autodiscover.exemple1.fr

cache_peer_access exchangeServer allow EXCH
cache_peer_access exchangeServer deny all

https_port 441 accel cert=/clusterdata/etc/ssl/certs/exemple2.com.pem key=/clusterdata/etc/ssl/private/exemple2.com.key defaultsite=rpc.exemple2.com vhost

cache_peer svechhub01.exemple2.com parent 443 0 no-query no-digest originserver login=PASS front-end-https=on ssl sslflags=DONT_VERIFY_PEER forceddomain=svechhub01.exemple2.com name=exchangeServerArtelia

acl EXCHART dstdomain rpc.exemple2.com
acl EXCHART dstdomain svechhub01.exemple2.com
acl EXCHART dstdomain autodiscover.exemple2.com

cache_peer_access exchangeServerArtelia allow EXCHART
cache_peer_access exchangeServerArtelia deny all

# Lock down access to just the Exchange Server!
http_access allow EXCH EXCHART
http_access deny all
miss_access allow EXCH EXCHART
miss_access deny all

After restarting squid, I see that ports 441 and 442 are listening:

Initializing https_port 0.0.0.0:442 SSL context
Initializing https_port 0.0.0.0:441 SSL context

However, nothing works.

Do you have an idea?

Thank you very much, best regards

fred

2011/09/01 12:21:32.807| command-line -X overrides: ALL,7
2011/09/01 12:21:32.808| aclDestroyACLs: invoked
2011/09/01 12:21:32.808| ACL::Prototype::Registered: invoked for type src
2011/09/01 12:21:32.808| ACL::Prototype::Registered: yes
2011/09/01 12:21:32.808| ACL::FindByName 'all'
2011/09/01 12:21:32.808| ACL::FindByName found no match
2011/09/01 12:21:32.808| aclParseAclLine: Creating ACL 'all'
2011/09/01 12:21:32.808| ACL::Prototype::Factory: cloning an object
for type 'src'
2011/09/01 12:21:32.808| aclParseIpData: all
2011/09/01 12:21:32.808| Processing Configuration File:
squid_sog_art.conf (depth 0)
2011/09/01 12:21:32.809| Processing: 'extension_methods RPC_IN_DATA
RPC_OUT_DATA'
2011/09/01 12:21:32.809| Processing: 'redirect_rewrites_host_header off'
2011/09/01 12:21:32.809| Processing: 'visible_hostname none'
2011/09/01 12:21:32.809| Processing: 'icp_port 0'
2011/09/01 12:21:32.809| Processing: 'https_port 442 accel
cert=/clusterdata/etc/ssl/certs/exemple1.fr.pem
key=/clusterdata/etc/ssl/private/exemple1.fr.key
defaultsite=rpc.exemple1.fr vhost'
2011/09/01 12:21:32.809| Processing: 'cache_peer echmes03.exemple1.fr
parent 443 0 no-query no-digest originserver login=PASS
front-end-https=on ssl sslflags=DONT_VERIFY_PEER
forceddomain=echmes03.exemple1.fr name=exchangeServer'
2011/09/01 12:21:32.810| event.cc(315) schedule: Adding 'peerClearRR',
in 300.00 seconds
2011/09/01 12:21:32.810| Processing: 'acl EXCH dstdomain rpc.exemple1.fr'
2011/09/01 12:21:32.810| ACL::Prototype::Registered: invoked for type dstdomain
2011/09/01 12:21:32.810| ACL::Prototype::Registered: yes
2011/09/01 12:21:32.810| ACL::FindByName 'EXCH'
2011/09/01 12:21:32.810| ACL::FindByName found no match
2011/09/01 12:21:32.810| aclParseAclLine: Creating ACL 'EXCH'
2011/09/01 12:21:32.810| ACL::Prototype::Factory: cloning an object
for type 'dstdomain'
2011/09/01 12:21:32.810| Processing: 'acl EXCH dstdomain echmes03.exemple1.fr'
2011/09/01 12:21:32.810| ACL::Prototype::Registered: invoked for type dstdomain
2011/09/01 12:21:32.810| ACL::Prototype::Registered: yes
2011/09/01 12:21:32.810| ACL::FindByName 'EXCH'
2011/09/01 12:21:32.810| aclParseAclLine: Appending to 'EXCH'
2011/09/01 12:21:32.810| Processing: 'acl EXCH dstdomain
autodiscover.exemple1.fr'
2011/09/01 12:21:32.810| ACL::Prototype::Registered: invoked for type dstdomain
2011/09/01 12:21:32.810| ACL::Prototype::Registered: yes
2011/09/01 12:21:32.810| ACL::FindByName 'EXCH'
2011/09/01 12:21:32.810| aclParseAclLine: Appending to 'EXCH'
2011/09/01 12:21:32.810| Processing: 'cache_peer_access exchangeServer
allow EXCH'
2011/09/01 12:21:32.810| aclParseAccessLine: looking for ACL name 'EXCH'
2011/09/01 12:21:32.810| ACL::FindByName 'EXCH'
2011/09/01 12:21:32.810| Processing: 'cache_peer_access exchangeServer deny all'
2011/09/01 12:21:32.810| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.810| ACL::FindByName 'all'
2011/09/01 12:21:32.810| Processing: 'https_port 441 accel
cert=/clusterdata/etc/ssl/certs/exemple2.com.pem
key=/clusterdata/etc/ssl/private/exemple2.com.key
defaultsite=rpc.exemple2.com vhost'
2011/09/01 12:21:32.810| Processing: 'cache_peer
svechhub01.exemple2.com parent 443 0 no-query no-digest originserver
login=PASS front-end-https=on ssl sslflags=DONT_VERIFY_PEER
forceddomain=svechhub01.exemple2.com name=exchangeServerArtelia'
2011/09/01 12:21:32.810| event.cc(315) schedule: Adding 'peerClearRR',
in 300.00 seconds
2011/09/01 12:21:32.810| Processing: 'acl EXCHART dstdomain rpc.exemple2.com'
2011/09/01 12:21:32.810| ACL::Prototype::Registered: invoked for type dstdomain
2011/09/01 12:21:32.810| ACL::Prototype::Registered: yes
2011/09/01 12:21:32.810| ACL::FindByName 'EXCHART'
2011/09/01 12:21:32.810| ACL::FindByName found no match
2011/09/01 12:21:32.810| aclParseAclLine: Creating ACL 'EXCHART'
2011/09/01 12:21:32.810| ACL::Prototype::Factory: cloning an object
for type 'dstdomain'
2011/09/01 12:21:32.811| Processing: 'acl EXCHART dstdomain
svechhub01.exemple2.com'
2011/09/01 12:21:32.811| ACL::Prototype::Registered: invoked for type dstdomain
2011/09/01 12:21:32.811| ACL::Prototype::Registered: yes
2011/09/01 12:21:32.811| ACL::FindByName 'EXCHART'
2011/09/01 12:21:32.811| aclParseAclLine: Appending to 'EXCHART'
2011/09/01 12:21:32.811| Processing: 'acl EXCHART dstdomain
autodiscover.exemple2.com'
2011/09/01 12:21:32.811| ACL::Prototype::Registered: invoked for type dstdomain
2011/09/01 12:21:32.811| ACL::Prototype::Registered: yes
2011/09/01 12:21:32.811| ACL::FindByName 'EXCHART'
2011/09/01 12:21:32.811| aclParseAclLine: Appending to 'EXCHART'
2011/09/01 12:21:32.811| Processing: 'cache_peer_access
exchangeServerArtelia allow EXCHART'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'EXCHART'
2011/09/01 12:21:32.811| ACL::FindByName 'EXCHART'
2011/09/01 12:21:32.811| Processing: 'cache_peer_access
exchangeServerArtelia deny all'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'all'
2011/09/01 12:21:32.811| Processing: 'http_access allow EXCH EXCHART'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'EXCH'
2011/09/01 12:21:32.811| ACL::FindByName 'EXCH'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'EXCHART'
2011/09/01 12:21:32.811| ACL::FindByName 'EXCHART'
2011/09/01 12:21:32.811| Processing: 'http_access deny all'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'all'
2011/09/01 12:21:32.811| Processing: 'miss_access allow EXCH EXCHART'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'EXCH'
2011/09/01 12:21:32.811| ACL::FindByName 'EXCH'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'EXCHART'
2011/09/01 12:21:32.811| ACL::FindByName 'EXCHART'
2011/09/01 12:21:32.811| Processing: 'miss_access deny all'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'all'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'all'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'all'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'all'
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'all'
2011/09/01 12:21:32.811| file_map_create: creating space for 16384 files
2011/09/01 12:21:32.811| --> 512 words of 4 bytes each
2011/09/01 12:21:32.811| wccp2_add_service_list: added service id 0
2011/09/01 12:21:32.811| aclParseAccessLine: looking for ACL name 'all'
2011/09/01 12:21:32.811| ACL::FindByName 'echmes03.domaine1.frall'
2011/09/01 12:21:32.811| acl_access::containsPURGE: invoked for
'http_access allow EXCH EXCHART'
2011/09/01 12:21:32.811| acl_access::containsPURGE: can't create tempAcl
2011/09/01 12:21:32.811| acl_access::containsPURGE: can't create tempAcl
2011/09/01 12:21:32.811| acl_access::containsPURGE: can't create tempAcl
2011/09/01 12:21:32.811| acl_access::containsPURGE: returning false
2011/09/01 12:21:32.811| Extension method 'RPC_IN_DATA' added, enum=30
2011/09/01 12:21:32.811| Extension method 'RPC_OUT_DATA' added, enum=31
2011/09/01 12:21:32.811| Initializing https proxy context
2011/09/01 12:21:32.813| Using SSLv2/SSLv3.
2011/09/01 12:21:32.813| Setting RSA key generation callback.
2011/09/01 12:21:32.813| Setting certificate verification callback.
2011/09/01 12:21:32.814| Setting CA certificate locations.
2011/09/01 12:21:32.814| Initializing cache_peer exchangeServer SSL context
2011/09/01 12:21:32.814| Using SSLv2/SSLv3.
2011/09/01 12:21:32.814| Setting RSA key generation callback.
2011/09/01 12:21:32.814| NOTICE: Peer certificates are not verified
for validity!
2011/09/01 12:21:32.814| Setting CA certificate locations.
2011/09/01 12:21:32.814| Initializing cache_peer exchangeServerArtelia
SSL context
2011/09/01 12:21:32.814| Using SSLv2/SSLv3.
2011/09/01 12:21:32.814| Setting RSA key generation callback.
2011/09/01 12:21:32.814| NOTICE: Peer certificates are not verified
for validity!
2011/09/01 12:21:32.814| Setting CA certificate locations.
2011/09/01 12:21:32.814| Initializing https_port 0.0.0.0:442 SSL context
2011/09/01 12:21:32.814| Using SSLv2/SSLv3.
2011/09/01 12:21:32.814| Using certificate in
/clusterdata/etc/ssl/certs/exemple1.fr.pem
2011/09/01 12:21:32.814| Using private key in
/clusterdata/etc/ssl/private/exemple1.fr.key
2011/09/01 12:21:32.836| Comparing private and public SSL keys.
2011/09/01 12:21:32.836| Setting RSA key generation callback.
2011/09/01 12:21:32.836| Setting CA certificate locations.
2011/09/01 12:21:32.836| Not requiring any client certificates
2011/09/01 12:21:32.836| Initializing https_port 0.0.0.0:441 SSL context
2011/09/01 12:21:32.836| Using SSLv2/SSLv3.
2011/09/01 12:21:32.836| Using certificate in
/clusterdata/etc/ssl/certs/exemple2.com.pem
2011/09/01 12:21:32.836| Using private key in
/clusterdata/etc/ssl/private/exemple2.com.key
2011/09/01 12:21:32.844| Comparing private and public SSL keys.
2011/09/01 12:21:32.844| Setting RSA key generation callback.
2011/09/01 12:21:32.844| Setting CA certificate locations.
2011/09/01 12:21:32.844| Not requiring any client certificates
2011/09/01 12:21:32.844| leave_suid: PID 18913 called
2011/09/01 12:21:32.844| leave_suid: PID 18913 giving up root, becoming 'proxy'
Received on Wed Sep 07 2011 - 16:14:44 MDT
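
Added example (not part of the original post and not Squid's own code): a small Python model of how Squid evaluates the http_access lines in the configuration above. Squid ANDs the ACLs named on one access line and ORs the values inside one ACL, so "allow EXCH EXCHART" needs a destination that is in both domain sets at once; the SPLIT rule set is a hypothetical variant included for comparison.

```python
# Added model of Squid access-list evaluation (illustration, not Squid source).
# Values inside one ACL are ORed, ACLs on one access line are ANDed, and
# lines are tried top-down with the first matching line deciding.

ACLS = {  # dstdomain values as parsed in the debug log on this page
    "EXCH": ["rpc.exemple1.fr", "echmes03.exemple1.fr",
             "autodiscover.exemple1.fr"],
    "EXCHART": ["rpc.exemple2.com", "svechhub01.exemple2.com",
                "autodiscover.exemple2.com"],
}
POSTED = ["http_access allow EXCH EXCHART", "http_access deny all"]
# Hypothetical variant for comparison: one allow line per ACL.
SPLIT = ["http_access allow EXCH", "http_access allow EXCHART",
         "http_access deny all"]


def dstdomain_match(host, values):
    """'.example.com' covers the domain and its subdomains; a value
    without the leading dot matches that exact host name only."""
    host = host.lower().rstrip(".")
    for value in (v.lower() for v in values):
        if value.startswith("."):
            if host == value[1:] or host.endswith(value):
                return True
        elif host == value:
            return True
    return False


def acl_match(name, host):
    return name == "all" or dstdomain_match(host, ACLS[name])


def evaluate(lines, host):
    """Return 'allow' or 'deny' for a request whose Host is `host`."""
    for line in lines:
        _directive, action, *names = line.split()
        if all(acl_match(n, host) for n in names):  # AND across the line
            return action
    return "deny"  # not reached here: both rule sets end in 'deny all'


if __name__ == "__main__":
    for host in ("rpc.exemple1.fr", "rpc.exemple2.com", "www.exemple1.fr"):
        print(f"{host:20} posted={evaluate(POSTED, host):5} "
              f"split={evaluate(SPLIT, host)}")
```

The miss_access lines in the posted configuration name the same two ACLs on one line and are evaluated with the same rules.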
