I got squid3 to compile and install, now having trouble getting it to work.
in squid.conf in ver. 3, these are the options I have made:
----
https_port 443 cert=/etc/openssl/cacert.pem key=/etc/openssl/privkey.pem accel defaultsite=owa.clinedavis.com
cache_peer owa.clinedavis.com parent 80 0 no-query front-end-https=on --- in /etc/hosts --- 10.1.16.67 owa.clinedavis.com --- and when I go to the squid server I get this...
Bad Request (Invalid URL)
in access.log I get this
1067539553.232 1 10.1.16.100 TCP_NEGATIVE_HIT/400 270 GET https://owa.clinedavis.com/ - NONE/- text/html
1067543543.673 23 10.1.16.100 TCP_MISS/400 262 GET https://owa.clinedavis.com/ - FIRST_UP_PARENT/owa.clinedavis.com text/html
when I change the ip in etc/hosts to some other web server, it works.
In squid2 this following config works, but still has that not loading folders problem.
squid.conf ---- https_port 443 cert=/etc/openssl/cacert.pem key=/etc/openssl/privkey.pem
httpd_accel_host owa.clinedavis.com
cache_peer owa.clinedavis.com parent 80 0 no-query front-end-https=on ----
Any help would be greatly appreciated.
Thanks,
jg
On Wednesday, October 29, 2003, at 05:00 PM, Henrik Nordstrom wrote:
On Wed, 29 Oct 2003, Jonathan Giles wrote:
1) forms based authentication mode turns on ssl on the exchange server. Https connections fail because it does not like the test cert we put on the exchange server. Is there any way to tell squid to ignore the problem with the ssl test cert on the 2003 exchange server?
If you use Squid-3 then you can tell Exchange that https is added by a frontend server such as Squid. See the cache_peer directive in Squid-3.
We can skip forms based auths if we can cause squid to time out
sessions... Seems as though exchange credentials are stored on the web
client, and are not destroyed until the web client is quit.
Correct.
2) if using IE on Windows, exchange2003 goes into high gear mode and
gives special features to the client, and this does not work on the
squid system I configured for exchange2000. I believe there is a
redirect that is causing the proxy to spin it's gears, as the mail
folder list never gets populated with mail messages. So, if someone
here has a suggestion with regards to this issue, or if there is a way
to stop letting Exchange 2003 know that the client is IE on windows, it
would be very helpful.
You quite likely need to use the above Squid-3 feature for this to work properly..
Modern Exchange OWA installations uses WebDAV for folder access etc when
accessed by MSIE clients and this requires that OWA knows exacly by which
means it is accessed. Any front-end server such as a Squid reverse proxy
MUST NOT modify the URL (including the host component) and if the
front-end uses SSL while using plain HTTP to the OWA server then it must
tell so to the OWA by using the custom X-Front-End-HTTPS header.
Regards Henrik
---=---=--- Jonathan Giles Senior Unix Administrator Cline Davis Mann --- Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply e-mail. Please advise immediately if you or your employer do not consent to Internet e-mail of this kind. Opinions, conclusions, and other information in this message that do not relate to the official business of CDM shall be understood as neither given nor endorsed by it.
