Re: [squid-users] squid 3.1.x with IIS SharePoint as back-end. from Amos Jeffries on 2012-01-11 (squid-users)

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Thu, 12 Jan 2012 01:23:40 +1300

On 11/01/2012 8:46 p.m., kimi ge(巍俊葛) wrote:
> Thanks Amos.
>
> I did the lynx test on back-end web site on squid system like this:
> sudo lynx http://wtestsm1.asiapacific.hpqcorp.net
>
> First, it show the message:
> Alert!: Invalid header 'WWW-Authenticate: NTLM'
>
> Then it show the following message.
> Show the 401 message body? (y/n)

Aha. NTLM authentication. Very probaby that login=PASS then.

>
> For the domain auth, I mean the back-end web site need corp domain
> user to be accessed.
> I put this in this way, if I log on with my corp domain on my laptop,
> then I could acces IIS Share Point without any credentials window pop
> up. If not, I have to input my domain account on credentials window to
> access the Share Point Site.
>
>
> The following is my squid configuration about this case which I ignore
> some default sections.
> #added by kimi
> acl hpnet src 16.0.0.0/8 # RFC1918 possible internal network
> #added by kimi
> acl origin_servers dstdomain ids-ams.elabs.eds.com
> http_access allow origin_servers
> http_access allow hpnet
>
> http_port 192.85.142.88:80 accel defaultsite=ids-ams.elabs.eds.com
> connection-auth=on
>
> forwarded_for on
>
> request_header_access WWW-Authenticate allow all

This is not needed. The Squid default is to relay www-auth headers
through. www-authenticate is a reply header anyway, to inform the client
agent what types of auth it can use.

>
> cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query
> no-digest originserver name=main connection-auth=on login=PASS

"connection-auth=on" should be enough. Try without login=PASS.

>
> cache_peer_domain main .elabs.eds.com
>
> hierarchy_stoplist cgi-bin ?
>
> coredump_dir /var/spool/squid
>
> # Add any of your own refresh_pattern entries above these.
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
> refresh_pattern . 0 20% 4320
>
> cache_dir aufs /data/squid/cache 12000 64 256
> cache_mem 1024 MB
> maximum_object_size_in_memory 1024 KB
> maximum_object_size 51200 KB
>
> visible_hostname ids-ams.elabs.eds.com
> debug_options ALL,5
> http_access deny all
>
> While let squid be running, I do test like this
> http://ids-ams.elabs.eds.com
>
> The 404 error page is shown.

Okay. Which error page? Squid sends three different ones with that
status code. Invalid request or Invalid URL or something else?

> That's why I am wondering squid could be as reverse-proxy with IIS
> SharePoint as back-end?

It can be. There is normally no trouble. But the newer features MS have
been adding for IPv6 and cloud support recently are not widely tested yet.

Amos
Received on Wed Jan 11 2012 - 12:23:47 MST

This archive was generated by hypermail 2.2.0 : Wed Jan 11 2012 - 12:00:02 MST