Re: [squid-users] problems with squid 2.5.Stable7 in accelerator mode with https

2004-12-16 Thread Henrik Nordstrom

On Thu, 16 Dec 2004, Glatzel Tino wrote:
> I want to use my squid in accelerator mode to secure the access to our
> Exchange Server (Outlook Webaccess).

You can't in a reasonable manner with Squid-2.5, at least not without 
patching it to support the OWA-specific Front-End-Https header telling OWA 
there is an https gateway in front of it accepting requests as https and 
forwarding them as http to OWA.

Regards
Henrik


[squid-users] problems with squid 2.5.Stable7 in accelerator mode with https

2004-12-16 Thread Glatzel Tino
Hello list,

I want to use my squid in accelerator mode to secure the access to our
Exchange Server (Outlook Webaccess).
If I use port 80 to connect to the squid, it works fine. All traffic to the
Exchange Server will be routed to the squid. With netstat -an I can see it.
If I connect with port 443 to the squid, I see a message like this:
"The site contains secure and unsecure objects. Do you want to display the
unsecure objects?"
When I press the YES button, my workstation connects to the Exchange Server
directly. I see it with netstat -an.
This is my configuration:

Debian GNU Linux woody
Squid-2.5.Stable7




Usersystem  --HTTPS-->  Squid            --HTTP-->  Exchange Server
                        owa.testnetz.de             exchange.testnetz.de
                        192.168.20.10               192.168.20.20

Request: https://owa.testnetz.de/exchange
Certificate is generated for owa.testnetz.de

/opt/squid/etc/squid.conf

http_port 80

https_port 443 cert=/opt/squid/etc/server.crt key=/opt/squid/etc/server.key

httpd_accel_host 192.168.20.20
httpd_accel_port 80
httpd_accel_uses_host_header on
httpd_accel_single_host off

cache_mgr [EMAIL PROTECTED]
visible_hostname owa.testnetz.de

dns_testnames owa.testnetz.de

debug_options ALL,2
logfile_rotate 5

cache_log /opt/squid/var/logs/cache.log
cache_access_log /opt/squid/var/logs/access.log
cache_store_log /opt/squid/var/logs/store.log
coredump_dir /opt/squid/var/logs/

pid_filename /opt/squid/var/logs/squid.pid

error_directory /opt/squid/share/errors/German

cache_replacement_policy lru
cache_dir ufs /opt/squid/var/cache 1024 64 256

cache_swap_low 90
cache_swap_high 95
maximum_object_size 2046 MB
store_dir_select_algorithm least-load

cache_mem 64 MB
maximum_object_size_in_memory 64 KB
memory_replacement_policy lru

mime_table /opt/squid/etc/mime.conf

ipcache_size 1
ipcache_low 90
ipcache_high 95
fqdncache_size 1024

refresh_pattern .   0   20% 4320

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl Exchange_IP dst 192.168.20.20


acl SSL_ports port 443

acl Safe_ports port 443 # https
acl Safe_ports port 80 # http

acl Exchange_Port port 80

acl CONNECT method CONNECT


always_direct allow all

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow all Exchange_IP
http_access deny all

http_reply_access allow all

icp_access deny all

cache_effective_user squid
cache_effective_group squid




/etc/hosts

edm:~# cat /etc/hosts
127.0.0.1   localhost
192.168.20.20 owa.testnetz.de owa





Can anyone help me?



tino

Kind regards
Tino Glatzel

badenIT
Innovation technology for your future

Tino Glatzel
badenIT GmbH
System Support
Tullastr. 70
D-79108 Freiburg

Tel. +49 761 279-2804
Fax +49 761 279-572804

mailto:[EMAIL PROTECTED]
www.badenIT.de
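
An added example, not part of either message and not Squid or OWA code: a Python check for the symptom in the original post (plain-http references inside a page served over https, and the hosts a browser would then contact without going through the gateway), plus the header handling Henrik describes. The sample HTML, its paths and the function names are constructed for illustration, and the header value `On` is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = {"src", "href", "action", "background"}

# Constructed sample of a backend page that was not told about the https gateway.
SAMPLE_HTML = """
<html><body background="/exchweb/img/bg.gif">
<img src="http://exchange.testnetz.de/exchweb/img/logo.gif">
<script src="http://owa.testnetz.de/exchweb/controls/nav.js"></script>
<a href="https://owa.testnetz.de/exchange/">Inbox</a>
<form action="/exchange/" method="post"></form>
</body></html>
"""

class InsecureRefFinder(HTMLParser):
    """Collect (tag, attribute, url) for every absolute http:// reference."""
    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                url = value.strip()
                if urlsplit(url).scheme.lower() == "http":
                    self.insecure.append((tag, name, url))

def audit(html):
    """Return the references that trigger the browser's mixed-content prompt."""
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.insecure

def bypass_hosts(findings, gateway_host):
    """Hosts the browser would reach over plain http instead of the gateway."""
    hosts = {urlsplit(url).hostname for _, _, url in findings}
    return sorted(h for h in hosts if h and h != gateway_host)

def forwarded_headers(client_headers, client_side_tls):
    """Headers an https-terminating gateway passes to the http backend."""
    # Drop any client-supplied copy so only the gateway can assert the header.
    out = {k: v for k, v in client_headers.items() if k.lower() != "front-end-https"}
    if client_side_tls:
        out["Front-End-Https"] = "On"  # assumed value
    return out

if __name__ == "__main__":
    for tag, attr, url in audit(SAMPLE_HTML):
        print(f"insecure <{tag} {attr}>: {url}")
    print("direct hosts:", bypass_hosts(audit(SAMPLE_HTML), "owa.testnetz.de"))
```

Run against pages fetched through the gateway, an empty result from `audit` means the backend is emitting scheme-consistent links; any host listed by `bypass_hosts` is one that clients reach outside the proxy's access controls.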