I have tried httpd_accel directives. The configuration is:

    http_port 8080
    https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem
    acl it_net src e.f.g.0/255.255.255.0
    acl all src 0.0.0.0/0.0.0.0
    httpd_accel_host i.j.k.l
    httpd_accel_port 443
    httpd_accel_single_host on
    httpd_accel_with_proxy on
    #acl acceleratedHost dst i.j.k.l
    acl accel_servers dst i.j.k.l
    #acl acceleratedPort 443
    acl port443 port 443
    acl http protocol http
    http_access allow accel_servers http port443
    http_access allow it_net
    http_access deny all

When I enter https://mail.xyz.com I get alert messages telling that "The document contains no data" and cache.log registers following error:

    2004/03/08 10:27:41| clientNegotiateSSL: Error negotiating SSL connection on FD 10: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request

Regards,
Rakesh Kumar Jha

*************************************************************

> Now we want to encrypt the mail.xyz.com. For this I have installed
> RH-9, Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following
> config -
>
> http_port 8080
> https_port 443 cert=/usr/local/ssl/cacert.pem
> key=/usr/local/ssl/privkey.pem
>
> acl it_net src e.f.g.0/255.255.255.0
> http_access allow it_net

You also need to enable acceleration/reverse proxying. See the httpd_accel_* directives.

Regards
Henrik

********************************************************

Let me explain our environment...we were running as http://mail.xyz.com. Our DNS would resolve to IP a.b.c.d and the external firewall will translate this legal IP to private IP - e.f.g.h which was Squid Reverse Proxy (Squid V2.4). The squid reverse proxy was accelerating exchange server OWA IP - i.j.k.l. There is another firewall between Squid reverse proxy and exchange server/OWA. This firewall allows traffic between these two on port 80. It worked perfectly.

    http://mail.xyz.com -->>Firewall-1 NAT -->>Squid Reverse proxy -->>Firewall-2 ---->>>> OWA
    IP a.b.c.d -------->>> NAT --->>>>>>> IP e.f.g.h ------------->>> Port ----->> IP i.j.k.l

Now we want to encrypt the mail.xyz.com. For this I have installed RH-9, Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following config -

    http_port 8080
    https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem

    acl it_net src e.f.g.0/255.255.255.0
    http_access allow it_net

1. From Squid proxy when I say https://i.j.k.l I can access the mails.
2. But from anywhere else including proxy server if I say https://mail.xyz.com or https://a.b.c.d I get error URL: / cannot be retrieved.

Why the IP is getting stripped?

Regards,
Rakesh Kumar Jha
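
Added example, not part of the original thread and not Squid or OpenSSL code: a small parser for the clientNegotiateSSL line quoted from cache.log above, which unpacks the OpenSSL error code and reports what the reason string says about the bytes the client sent to the https_port. It assumes the packed error layout used by OpenSSL releases before 3.0; the function names are hypothetical and the only input is the log line from the thread.

```python
import re

# cache.log line as quoted in the thread (the only sample input).
SAMPLE = ("2004/03/08 10:27:41| clientNegotiateSSL: Error negotiating SSL "
          "connection on FD 10: error:1407609B:SSL routines:"
          "SSL23_GET_CLIENT_HELLO:https proxy request")

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\| clientNegotiateSSL: Error "
    r"negotiating SSL connection on FD (?P<fd>\d+): error:(?P<code>[0-9A-Fa-f]{8})"
    r":(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.*)$")

# What the two plaintext-on-SSL-port reasons say about the client.
HINTS = {
    "https proxy request": "plaintext CONNECT: client treats the SSL port as a forward proxy",
    "http request": "plaintext HTTP method: client spoke http:// to the SSL port",
}

def unpack(code_hex):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    v = int(code_hex, 16)
    return (v >> 24) & 0xFF, (v >> 12) & 0xFFF, v & 0xFFF

def classify_first_bytes(data):
    """Label the first bytes a client sends, mirroring the reasons above."""
    if data[:7] == b"CONNECT":
        return "https proxy request"
    if data[:4] in (b"GET ", b"PUT ") or data[:5] in (b"POST ", b"HEAD "):
        return "http request"
    if len(data) >= 3 and data[0] == 0x16 and data[1] == 0x03:
        return "tls handshake"
    return "unknown"

def diagnose(line):
    """Parse one clientNegotiateSSL error line; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    lib, func, reason = unpack(m["code"])
    text = m["reason"].strip()
    return {"time": m["ts"], "fd": int(m["fd"]), "lib": lib, "func": func,
            "reason": reason, "text": text,
            "hint": HINTS.get(text, "no plaintext-request hint for this reason")}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
    print(classify_first_bytes(b"CONNECT mail.xyz.com:443 HTTP/1.0\r\n"))
```

For the line in the thread this reports reason 155 with the CONNECT hint, meaning the connection on FD 10 opened with a plaintext proxy request rather than an SSL handshake.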
