subject:"Re\: \[squid\-users\] Any idea to configure squid as a reverse\-proxy to work with IIS\/SharePoint plus NTLM"

Re: [squid-users] Any idea to configure squid as a reverse-proxy to work with IIS/SharePoint plus NTLM

2012-01-30 Thread Henrik Nordström

tis 2012-01-31 klockan 11:38 +0800 skrev kimi ge(巍俊葛):

> 1. squid 2.6.23

Please use Squid-2.7.STABLE9 if using Squid-2. Not sure if connection
pinning to peers (required for NTLM) works well in 2.6.23.

> http_port 192.85.142.88:80 accel defaultsite=usplsvulx104.elabs.eds.com
> cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query originserver 
> name=main

> 1327979985.763390 16.178.121.18 TCP_MISS/404 600 GET 
> http://usplsvulx104.elabs.eds.com/ - FIRST_UP_PARENT/main text/html

Do the web server have a site named usplsvulx104.elabs.eds.com and an
index page? The web server says that the page do not exists (404).

> 2. squid 3.1.18

> http_port 192.85.142.88:80 accel defaultsite=usplsvulx104.elabs.eds.com 
> connection-auth=on
> cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query originserver 
> name=main

> 1327980594.156 72 16.212.0.105 TCP_MISS/503 4098 GET 
> http://usplsvulx104.elabs.eds.com/ - FIRST_UP_PARENT/main text/html

Hmm.. now the web server says "503 Service Unavailable". Very odd.
Request sent by Squid should be close to identical to 2.6.23 above.

Regards
Henrik

Re: [squid-users] Any idea to configure squid as a reverse-proxy to work with IIS/SharePoint plus NTLM

2012-01-30 Thread 巍俊葛

Hi Henrik,

Thanks for your reply first.
I did the try on two versions. Here is the details including
squid.conf and log information.

1. squid 2.6.23
 /usr/local/squid2.6.23/sbin/squid -v
Squid Cache: Version 2.6.STABLE23
configure options:  '--prefix=/usr/local/squid2.6.23'
'--enable-storeio=ufs,aufs,diskd' '--enable-arp-acl'
'--enable-linux-netfilter'

a. squid.conf:

http_access allow all
icp_access allow all
http_port 192.85.142.88:80 accel defaultsite=usplsvulx104.elabs.eds.com
cache_dir aufs /home/squid/cache 1200 64 256
cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query
originserver name=main
cache_peer_access main allow all
dns_nameservers 192.85.245.66 130.175.204.140
hierarchy_stoplist cgi-bin ?
access_log /usr/local/squid2.6.23/var/logs/access.log squid
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern .   0   20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
check_hostnames off
coredump_dir /usr/local/squid2.6.23/var/cache

b. access.log
1327979646.010  0 16.212.0.105 TCP_NEGATIVE_HIT/404 598 GET
http://usplsvulx104.elabs.eds.com/ - NONE/- text/html
1327979675.084  0 16.178.121.18 TCP_NEGATIVE_HIT/404 598 GET
http://usplsvulx104.elabs.eds.com/ - NONE/- text/html
1327979985.763390 16.178.121.18 TCP_MISS/404 600 GET
http://usplsvulx104.elabs.eds.com/ - FIRST_UP_PARENT/main text/html

2. squid 3.1.18
./squid -v
Squid Cache: Version 3.1.18-20120110-r10420
configure options:  '--prefix=/usr/local/squid3.1.18'
'--disable-inline' '--disable-optimizations'
'--enable-storeio=ufs,aufs,diskd' '--enable-arp-acl'
'--with-dfault-user=squid' '--disable-ipv6'
--with-squid=/home/kimi/squid-3.1.18-20120110-r10420
--enable-ltdl-convenience

a squid.conf
http_access allow all
http_port 192.85.142.88:80 accel
defaultsite=usplsvulx104.elabs.eds.com connection-auth=on
cache_peer wtestsm1.asiapacific.hpqcorp.net parent 80 0 no-query
originserver name=main
cache_peer_domain main .elabs.eds.com
cache_peer_access main allow all
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid
refresh_pattern ^ftp:   144020% 10080
refresh_pattern ^gopher:14400%  1440
refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
refresh_pattern .   0   20% 4320
cache_dir aufs /home/squid/cache 1200 64 256
cache_mem 1024 MB
maximum_object_size_in_memory 1024 KB
maximum_object_size 51200 KB
debug_options ALL,5
cache_effective_user squid

b. access.log
1327980594.156 72 16.212.0.105 TCP_MISS/503 4098 GET
http://usplsvulx104.elabs.eds.com/ - FIRST_UP_PARENT/main text/html

Except the relevant configurations, I am not sure I miss any other factors.

Thanks,
Kimi

On 31/01/2012, Henrik Nordström  wrote:
> mån 2012-01-30 klockan 11:48 +0800 skrev kimi ge(巍俊葛):
>
>> Could anyone give any suggestion to configure squid as a reverse-proxy
>> to work with IIS/SharePoint plus NTLM?
>
> The normal recommended setup should just work.
>
> http_port 80 accel vhost
> cache_peer ip.of.iss.server 80 0 no-query originserver
>
> If it fails then please provide a little more data
>
> * Version of Squid used
> * What does access.log say?
>
> Regards
> Henrik
>
>

Re: [squid-users] Any idea to configure squid as a reverse-proxy to work with IIS/SharePoint plus NTLM

2012-01-30 Thread Henrik Nordström

mån 2012-01-30 klockan 11:48 +0800 skrev kimi ge(巍俊葛):

> Could anyone give any suggestion to configure squid as a reverse-proxy
> to work with IIS/SharePoint plus NTLM?

The normal recommended setup should just work.

http_port 80 accel vhost
cache_peer ip.of.iss.server 80 0 no-query originserver

If it fails then please provide a little more data

* Version of Squid used
* What does access.log say?

Regards
Henrik

Re: [squid-users] Any idea to configure squid as a reverse-proxy to work with IIS/SharePoint plus NTLM

Re: [squid-users] Any idea to configure squid as a reverse-proxy to work with IIS/SharePoint plus NTLM

Re: [squid-users] Any idea to configure squid as a reverse-proxy to work with IIS/SharePoint plus NTLM

3 matches

Site Navigation

Mail list logo

Footer information