On 12/03/2012 6:53 p.m., kadvar wrote:
Hi,

I have searched for other posts with the same problem but the workarounds
that worked for them didn't work for me. I am trying to configure a squid
reverse proxy with ssl support. I have squid on 192.168.124.41 with apache
on 127.0.0.1 on the same box. I also have two other webservers (1 apache, 1
IIS). Squid is configured to direct any requests for asp pages to iis and
the rest to the apache machine.

I have also configured squid to use https, the programmer has set up a 302
redirect on the iis machine so that visiting http://example.com/Login.aspx
redirects to https://example.com/Login.aspx. Squid redirects fine but after
that gives me a "The page isn't redirecting properly". Running wget shows
that squid is going into an endless loop. I have reproduced squid.conf and
also the wget output below.

$wget --no-check http://192.168.124.41/Login.aspx
--2012-03-12 11:06:53--  http://192.168.124.41/Login.aspx
Connecting to 192.168.124.41:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://example.com/Login.aspx [following]
--2012-03-12 11:06:53--  https://example.com/Login.aspx
Resolving example.com... 192.168.124.41
Connecting to example.com|192.168.124.41|:443... connected.
WARNING: cannot verify example.com’s certificate, issued by
“/C=IN/ST=AP/L=Default City/O=Default Company
Ltd/CN=example.com/emailAddress=ad...@example.com”:
   Unable to locally verify the issuer’s authority.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://example.com/memberplanet/Login.aspx [following]

and so on..............

The problem is that Squid is sending HTTPS traffic to an HTTP port on IIS. Requests to origin servers do not include anything specifically saying HTTP or HTTPS. The server tells that from the port it's receiving the request on.

There is a trick you can add to your squid.conf to split traffic between two ports on the IIS peer....


##########################
squid.conf
#########################
http_port 192.168.124.41:80 accel defaultsite=example.com

https_port 192.168.124.41:443 accel cert=/usr/newrprgate/CertAuth/testcert.cert key=/usr/newrprgate/CertAuth/testkey.pem defaultsite=example.com

acl rx_aspx urlpath_regex -i \.asp[x]*

acl HTTPS proto HTTPS

cache_peer 192.168.124.169 parent 80 0 no-query no-digest originserver name=aspserver
cache_peer_access aspserver deny HTTPS

cache_peer_access aspserver allow rx_aspx
cache_peer_access aspserver deny all

cache_peer 192.168.124.169 parent 443 0 no-query no-digest originserver name=aspserverSSL
cache_peer_access aspserverSSL allow  HTTPS rx_aspx
cache_peer_access aspserverSSL deny all



cache_peer 127.0.0.1 parent 80 0 no-query originserver name=wb1
cache_peer_access wb1 deny rx_aspx

acl origin_servers dstdomain .example.com
http_access allow origin_servers
http_access deny all
###########################

I'd appreciate it if someone could give me some clues as to what I'm doing
wrong.


That should fix the looping.

Amos
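
An added example (not part of the original thread, and not Squid code): a small Python model of how the cache_peer_access lines in the config above pick a peer for a request, comparing the rules with and without the HTTPS split. It assumes Squid's access-list semantics (first line whose ACLs all match decides, ACLs on one line are ANDed, no match inverts the last line's action) and assumes the pre-fix config was the same rules minus the HTTPS ACL and the aspserverSSL peer.

```python
import re

# ACLs from the squid.conf above, modelled as predicates over (scheme, url path).
ACLS = {
    "rx_aspx": lambda scheme, path: re.search(r"\.asp[x]*", path, re.I) is not None,
    "HTTPS": lambda scheme, path: scheme.upper() == "HTTPS",
    "all": lambda scheme, path: True,
}

# cache_peer_access lines per peer, in config order: (action, [acl names]).
PEER_RULES = {
    "aspserver": [("deny", ["HTTPS"]), ("allow", ["rx_aspx"]), ("deny", ["all"])],
    "aspserverSSL": [("allow", ["HTTPS", "rx_aspx"]), ("deny", ["all"])],
    "wb1": [("deny", ["rx_aspx"])],
}
# Origin port each peer name points at (from the cache_peer lines).
PEER_PORTS = {"aspserver": 80, "aspserverSSL": 443, "wb1": 80}


def original_rules():
    """Assumed pre-fix rule set: no HTTPS ACL and no aspserverSSL peer."""
    return {
        "aspserver": [("allow", ["rx_aspx"]), ("deny", ["all"])],
        "wb1": [("deny", ["rx_aspx"])],
    }


def peer_allowed(rules, scheme, path):
    """First line whose ACLs all match decides; no match inverts the last action."""
    for action, acl_names in rules:
        if all(ACLS[name](scheme, path) for name in acl_names):
            return action == "allow"
    return rules[-1][0] == "deny" if rules else True


def eligible_peers(scheme, path, peer_rules=PEER_RULES):
    """Names of the peers whose cache_peer_access rules admit this request."""
    return [name for name, rules in peer_rules.items()
            if peer_allowed(rules, scheme, path)]


if __name__ == "__main__":
    # Constructed sample requests: (scheme the client used, URL path).
    samples = [("http", "/Login.aspx"), ("https", "/Login.aspx"),
               ("https", "/index.html")]
    for scheme, path in samples:
        before = eligible_peers(scheme, path, original_rules())
        after = [(p, PEER_PORTS[p]) for p in eligible_peers(scheme, path)]
        print(f"{scheme:5} {path:12} before={before} after={after}")
```

In this model, HTTPS requests for non-ASP pages are still eligible for wb1 on port 80, because wb1 has no rule involving the HTTPS ACL.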
