I disabled in browser to use Squid as a proxy. When I do https://mail.xyz.com. I am getting follwoing error (after long time):
The requested URL could not be retrieved. While trying to retrive the URL: http://172.29.1.14:443 READ ERROR. (104) connection reset be peer. In access.log I get - 1078896546.765 172357 168.187.198.212 TCP_MISS/500 1367 GET http://172.29.1.14:443/ - DIRECT/172.29.1.14 text/html Why this error it should show https://172.29.1.14:443 ?????? The squid.conf is as following: https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem httpd_accel_host 172.29.1.14 httpd_accel_port 443 httpd_accel_single_host on httpd_accel_with_proxy on acl accel_servers dst 172.29.1.14 acl port443 port 443 acl http protocol http http_access allow accel_servers http port443 Now what I did today: 1. I disabled certificate on Exchange server and changed following: httpd_accel_port 443 -to- httpd_accel_port 80 acl port443 port 443 -to- acl port80 port 80 http_access allow accel_servers http port443 -to- http_access allow accel_servers http port80 Allowed in firewall-2 to the pass traffice between squid server and exchange server on port 80 in place of 443. This arrangement worked OK. This means that there was no encryption between between squid server and exchange server. 2. After this I restored the changes made in step 1. In the access.log I get follwoing: 1078818083.121 43952 168.187.198.212 TCP_MISS/000 0 GET http://172.29.1.14:443 - DIRECT/172.29.1.14 - Thinking that the messages should have been "GET https://172.29.1.14 so I changed follwoing in squid.conf - acl http protocol http -to- acl https protocol https but I am getting same message in access.log. Can I not have SSL between client & Squid-Rev and Squid-Rev & Exchange srever???????? 3. Another question ( may be I am late to ask it) Can I not have SSL between Exchange & client, Squid-Reverse proxy just pass it i.e. Tunneling SSL through Proxy in reverse mode? 4. While returning wiht error as seen in 'URL could not be retrived' it shows the internal IP. Can I change it to appear from real IP of mail.xyz.com. Thanks Rakesh Kumar Jha ************************************************************************ On Mon, 8 Mar 2004, Rakesh Kumar wrote: > 2004/03/08 10:27:41| clientNegotiateSSL: Error negotiating SSL connection on FD > 10: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request You get this if you have configured your browser to use Squid as a proxy. Don't do this for reverse-proxying. Regards Henrik ##################################################################################### DISCLAIMER Any non-official business related views, opinions and other information presented in this electronic mail are solely those of the sender/author. Burgan Bank does not endorse or accept responsibility for these opinions, views or conclusions. If you are not the addressee indicated in this electronic mail or responsible for delivering this electronic message to the inteded recipient, you should delete this message and notify the sender immediately. Burgan Bank #####################################################################################
