Hello Henrik

thanks for your help. I have changed my configuration like this:

https_port cert=/opt/squid/etc/cert/server.crt
key=/opt/squid/etc/cert/server.pem defaultsite=exchange.testnetz.de

i think defaultsite is ok. before i have modified the dns, the clients have
connect with "http://exchange.testnetz.de/exchange"; the OWA.

cache_peer parent 80 0 originserver proxy-only no-query
no-digest front-end-https=on login=pass is the IP of the Exchange server (exchange.testnetz.de). My
client is connecting the squid with https. Squid try to connect with port
443 (https) the Exchange server but my Exchange is listen to port 80:

09:50:50.341989 > S
2333132721:2333132721(0) win 5840 <mss 1460,sackOK,timestamp 1013352
0,nop,wscale 0> (DF)
09:50:50.342175 > R 0:0(0) ack
2333132722 win 0

I have found a patch for a similiare problem "cache_peer originserver
connects to wrong port".
If i try to apply this patch, i see the following errors:

squid:/usr/src# ls -la
total 53060
drwxrwsr-x    9 root     src          4096 Dec 23 10:49 .
drwxr-xr-x   12 root     root         4096 Nov 15 13:17 ..
drwxrwxrwx   14 1012     1012         4096 Aug 16  2003 squid-3.0-PRE3
lrwxrwxrwx    1 root     src            14 Dec 22 11:02 squid3 ->
squid:/usr/src#patch -p0 < squid-3.0.PRE3-originserver_port.patch
patching file squid3/src/forward.cc
Hunk #1 FAILED at 576.
1 out of 1 hunk FAILED -- saving rejects to file squid3/src/forward.cc.rej

Is this patch required ?


> On Tue, 21 Dec 2004, Glatzel Tino wrote:
> > Hello Henrik,
> >
> >
> > I have tested squid-3.0pre3 the last three days, but 
> without success. 
> > I access with the browser of my client to exchange.testnetz.de with 
> > https. I see the authentication dialog an with netstat -an 
> i see the 
> > connections from the client to the squid with port 443. If 
> i press the 
> > OK-Button in the authentication dialog i see a message 
> like: "You will 
> > left a secure internetconnection" if i press the OK-Button a new 
> > authentication dialog pops up. At the client i see the 
> connection with 
> > port 80 to the squid. My client resolves the name of the 
> Exchange with 
> > the ip of the squid. The Squid resolves the name of the 
> Exchange with 
> > the real ip-address. Squid is compiled with:
> >
> > ./configure --prefix=/opt/squid-3.0-PRE3 
> > --exec-prefix=/opt/squid-3.0-PRE3 --enable-ssl 
> > --enable-x-accelerator-vary make make install
> >
> > squid.conf:
> >
> > http_port accel defaultsite=exchange.testnetz.de
> >
> > https_port accel defaultsite=exchange.testnetz.de 
> > protocol=http cert=/opt/squid/etc/cert/server.crt
> > key=/opt/squid/etc/cert/server.pem
> Don't use protocol=.. there
> And the defaultsite=.. should be the exact name you are 
> requesting in the 
> browser, not the actual server name.
> if unsure use the vhost option in which case Squid will 
> automatically pick 
> up whatever you typed in your browser and forward this to OWA 
> for use when 
> rendering links within the OWA application.
> > cache_peer exchange.testnetz.de parent 80 0 proxy-only originserver 
> > forceddomain=exchange.testnetz.de front-end-https=on
> Since you accept both http and https you should use 
> front-end-https=auto
> Don't use forceddomain. This is only needed in a very special case 
> involving redundant servers needing to be called by their 
> explicit name.
> Regards
> Henrik

Reply via email to