Re: [squid-users] SQUID Reverse Proxy not forwarding requests to Apache web server
On 3/01/2012 7:33 a.m., Roman Gelfand wrote:
> Now, you got me curious. k.. I would like the reverse proxy to control which server a web request
> 1) in case of https, forwarded to a web server box based on path
> 2) in case of http, forwarded based on url and/or path.

Once the request is inside a reverse-proxy it does not matter if it is HTTP or HTTPS, the encryption stops at the receiving https_port. If you really need to make decisions based on received protocol type you can configure an ACL (acl HTTPS proto HTTPS) and use HTTPS in your access controls as needed.

> Please, let me know if this is doable with squid. If so, by all means, I would like to use squid. If you have an example, I would greatly appreciate it. BTW... if 2) could be done with ssl, I would appreciate an example.

Sure it is. The classic example as in:
http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers
using path details to decide between peers is shown at the end of the page under "Other Criteria than Domain". How to add the HTTPS acl mentioned above should be obvious.

There is a full config example with the specific details for setting up OWA as a peer server at
http://wiki.squid-cache.org/ConfigExamples/Reverse/OutlookWebAccess
Exchange is somewhat delicate in what it expects and can handle, so be very careful about changing details on the cache_peer line from what is shown in the example.

Amos
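Added example, not part of the message above and not copied from the Squid wiki: one way to write the two routing cases asked about (HTTPS selected by path, HTTP selected by domain and path) using the `proto` ACL named in the reply. The peer addresses, peer names, ACL names, domain, paths and certificate locations are placeholder assumptions.

```conf
# Constructed squid.conf fragment. All names, addresses and paths below
# are placeholders chosen for this illustration.

# Listening ports in accelerator (reverse proxy) mode.
# TLS from the client ends at https_port.
http_port  80  accel vhost
https_port 443 accel cert=/path/to/site-cert.pem key=/path/to/site-key.pem vhost

# Two backend web servers, each given a name= label for the rules below
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=webServerA
cache_peer 192.0.2.20 parent 80 0 no-query originserver name=webServerB

# Selection criteria
acl HTTPS     proto HTTPS                 # request arrived on https_port
acl site      dstdomain www.example.com   # requested host name
acl path_app1 urlpath_regex ^/app1/
acl path_app2 urlpath_regex ^/app2/

# Only accept requests for the published site
http_access allow site
http_access deny all

# Case 1: HTTPS requests are routed by path alone
cache_peer_access webServerA allow HTTPS path_app1
# Case 2: plain HTTP requests are routed by domain and path
cache_peer_access webServerB allow !HTTPS site path_app2

# Anything else must not reach either peer
cache_peer_access webServerA deny all
cache_peer_access webServerB deny all

# Never bypass the peers by contacting the requested host directly.
# A request that matches no peer is answered with an error instead.
never_direct allow all
```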
Re: [squid-users] SQUID Reverse Proxy not forwarding requests to Apache web server
On 2/01/2012 1:52 p.m., Roman Gelfand wrote:
> My squid server 3.1.6 sits in dmz. On this server, I am running apache server 2.2.9. My goal is to
> a) cache owa responses
> b) forward https owa requests to the Apache server on port 8443
> c) The Apache server forwards the request to internal exchange server.

Why bother with relaying it through Apache? Squid does the job of being a proxy better than Apache web server can. Particularly since you already have the traffic going through a Squid.

> Below is my squid reverse proxy configuration. The domain webmail.mydomain.com resolves to the external interface of the exchange server. However, I am saying, in configuration, that cache_peer is localhost. Nevertheless, the https request is never forwarded to apache server. Rather, it is going directly to the external interface of the exchange server. Where am I going wrong here?

You have not provided any info about what the client traffic is actually requesting and what the Apache server is responding with when squid tries to pass the requests there.

You are missing the cache_peer_access rules to limit what traffic goes through Apache. So everything will be attempted.

You are missing never_direct rules denying Squid direct contact with the requested domain server.

> hierarchy_stoplist cgi-bin
> acl QUERY urlpath_regex cgi-bin
> shutdown_lifetime 1 second
> visible_hostname webmail.mydomain.com
> #1GB disk cache
> cache_dir ufs /usr/local/squid/var/cache 1024 16 256
> maximum_object_size 5 MB
> cache_mem 1024 MB
> cache_swap_low 90
> cache_swap_high 95
> maximum_object_size_in_memory 512 KB
> cache_replacement_policy heap LFUDA
> memory_replacement_policy heap LFUDA
> https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport
> cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS
>
> Thanks in advance
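Added example, not part of the message above: the posted configuration with the two missing rule sets the reply names (cache_peer_access and never_direct) filled in, shown as the lines that would follow the existing cache settings. The peer label `apachePeer` and the ACL name `owa_site` are hypothetical; every other value is taken from the posted configuration.

```conf
# Constructed fragment based on the configuration posted in this thread.
# "apachePeer" and "owa_site" are hypothetical names.

# As posted: the peer exists, but no rule ties requests to it and nothing
# stops Squid from resolving webmail.mydomain.com and going there itself.
#   cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS

# Listening port, unchanged from the post
https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport

# Same peer line with a name= label so access rules can refer to it.
# sslflags=DONT_VERIFY_PEER (from the post) turns off certificate
# verification for the connection to this peer.
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS name=apachePeer

# The one site this reverse proxy publishes
acl owa_site dstdomain webmail.mydomain.com

# Accept client requests for that site only
http_access allow owa_site
http_access deny all

# Limit what is sent to the Apache peer to requests for that site
cache_peer_access apachePeer allow owa_site
cache_peer_access apachePeer deny all

# Deny Squid direct contact with the requested domain's server.
# If the peer is unavailable the client gets an error page instead
# of a connection to the address the domain resolves to.
never_direct allow owa_site
```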
Re: [squid-users] SQUID Reverse Proxy not forwarding requests to Apache web server
Now, you got me curious. k.. I would like the reverse proxy to control which server a web request
1) in case of https, forwarded to a web server box based on path
2) in case of http, forwarded based on url and/or path.

Please, let me know if this is doable with squid. If so, by all means, I would like to use squid. If you have an example, I would greatly appreciate it. BTW... if 2) could be done with ssl, I would appreciate an example.

Thanks for your help.

On Mon, Jan 2, 2012 at 10:16 AM, Amos Jeffries squ...@treenet.co.nz wrote:
> On 2/01/2012 1:52 p.m., Roman Gelfand wrote:
>> My squid server 3.1.6 sits in dmz. On this server, I am running apache server 2.2.9. My goal is to
>> a) cache owa responses
>> b) forward https owa requests to the Apache server on port 8443
>> c) The Apache server forwards the request to internal exchange server.
>
> Why bother with relaying it through Apache? Squid does the job of being a proxy better than Apache web server can. Particularly since you already have the traffic going through a Squid.
>
>> Below is my squid reverse proxy configuration. The domain webmail.mydomain.com resolves to the external interface of the exchange server. However, I am saying, in configuration, that cache_peer is localhost. Nevertheless, the https request is never forwarded to apache server. Rather, it is going directly to the external interface of the exchange server. Where am I going wrong here?
>
> You have not provided any info about what the client traffic is actually requesting and what the Apache server is responding with when squid tries to pass the requests there.
>
> You are missing the cache_peer_access rules to limit what traffic goes through Apache. So everything will be attempted.
>
> You are missing never_direct rules denying Squid direct contact with the requested domain server.
>
>> hierarchy_stoplist cgi-bin
>> acl QUERY urlpath_regex cgi-bin
>> shutdown_lifetime 1 second
>> visible_hostname webmail.mydomain.com
>> #1GB disk cache
>> cache_dir ufs /usr/local/squid/var/cache 1024 16 256
>> maximum_object_size 5 MB
>> cache_mem 1024 MB
>> cache_swap_low 90
>> cache_swap_high 95
>> maximum_object_size_in_memory 512 KB
>> cache_replacement_policy heap LFUDA
>> memory_replacement_policy heap LFUDA
>> https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport
>> cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS
>>
>> Thanks in advance
[squid-users] SQUID Reverse Proxy not forwarding requests to Apache web server
My squid server 3.1.6 sits in dmz. On this server, I am running apache server 2.2.9. My goal is to
a) cache owa responses
b) forward https owa requests to the Apache server on port 8443
c) The Apache server forwards the request to internal exchange server.

Below is my squid reverse proxy configuration. The domain webmail.mydomain.com resolves to the external interface of the exchange server. However, I am saying, in configuration, that cache_peer is localhost. Nevertheless, the https request is never forwarded to apache server. Rather, it is going directly to the external interface of the exchange server. Where am I going wrong here?

hierarchy_stoplist cgi-bin
acl QUERY urlpath_regex cgi-bin
shutdown_lifetime 1 second
visible_hostname webmail.mydomain.com
#1GB disk cache
cache_dir ufs /usr/local/squid/var/cache 1024 16 256
maximum_object_size 5 MB
cache_mem 1024 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 512 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS

Thanks in advance