Re: [squid-users] Any idea to configure squid as a reverse-proxy to work with IIS/SharePoint plus NTLM

From: 巍俊葛 <weijunge_at_gmail.com>
Date: Tue, 31 Jan 2012 11:38:09 +0800

Hi Henrik,

Thanks for your reply first.
I did the try on two versions. Here is the details including
squid.conf and log information.

1. squid 2.6.23
 /usr/local/squid2.6.23/sbin/squid -v
Squid Cache: Version 2.6.STABLE23
configure options: '--prefix=/usr/local/squid2.6.23'
'--enable-storeio=ufs,aufs,diskd' '--enable-arp-acl'
'--enable-linux-netfilter'

a. squid.conf:

http_access allow all
icp_access allow all
http_port 192.85.142.88:80 accel defaultsite=usplsvulx104.elabs.eds.com
cache_dir aufs /home/squid/cache 1200 64 256
cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query
originserver name=main
cache_peer_access main allow all
dns_nameservers 192.85.245.66 130.175.204.140
hierarchy_stoplist cgi-bin ?
access_log /usr/local/squid2.6.23/var/logs/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
check_hostnames off
coredump_dir /usr/local/squid2.6.23/var/cache

b. access.log
1327979646.010 0 16.212.0.105 TCP_NEGATIVE_HIT/404 598 GET
http://usplsvulx104.elabs.eds.com/ - NONE/- text/html
1327979675.084 0 16.178.121.18 TCP_NEGATIVE_HIT/404 598 GET
http://usplsvulx104.elabs.eds.com/ - NONE/- text/html
1327979985.763 390 16.178.121.18 TCP_MISS/404 600 GET
http://usplsvulx104.elabs.eds.com/ - FIRST_UP_PARENT/main text/html

2. squid 3.1.18
./squid -v
Squid Cache: Version 3.1.18-20120110-r10420
configure options: '--prefix=/usr/local/squid3.1.18'
'--disable-inline' '--disable-optimizations'
'--enable-storeio=ufs,aufs,diskd' '--enable-arp-acl'
'--with-dfault-user=squid' '--disable-ipv6'
--with-squid=/home/kimi/squid-3.1.18-20120110-r10420
--enable-ltdl-convenience

a squid.conf
http_access allow all
http_port 192.85.142.88:80 accel
defaultsite=usplsvulx104.elabs.eds.com connection-auth=on
cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query
originserver name=main
cache_peer_domain main .elabs.eds.com
cache_peer_access main allow all
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache_dir aufs /home/squid/cache 1200 64 256
cache_mem 1024 MB
maximum_object_size_in_memory 1024 KB
maximum_object_size 51200 KB
debug_options ALL,5
cache_effective_user squid

b. access.log
1327980594.156 72 16.212.0.105 TCP_MISS/503 4098 GET
http://usplsvulx104.elabs.eds.com/ - FIRST_UP_PARENT/main text/html

Except the relevant configurations, I am not sure I miss any other factors.

Thanks,
Kimi

On 31/01/2012, Henrik Nordström <henrik_at_henriknordstrom.net> wrote:
> mån 2012-01-30 klockan 11:48 +0800 skrev kimi ge(巍俊葛):
>
>> Could anyone give any suggestion to configure squid as a reverse-proxy
>> to work with IIS/SharePoint plus NTLM?
>
> The normal recommended setup should just work.
>
> http_port 80 accel vhost
> cache_peer ip.of.iss.server 80 0 no-query originserver
>
> If it fails then please provide a little more data
>
> * Version of Squid used
> * What does access.log say?
>
> Regards
> Henrik
>
>
Received on Tue Jan 31 2012 - 03:38:17 MST

This archive was generated by hypermail 2.2.0 : Tue Jan 31 2012 - 12:00:04 MST