Now, you got me curious.
k.. I would like the reverse proxy to control which server a web request
1) in case of https, forwarded to a web server box based on path
2) in case of http, forwarded based on url and/or path.
Please let me know if this is doable with squid. If so, by all
means, I would like to use squid. If you have an example, I would
greatly appreciate it.
BTW... if 2) could be done with ssl, I would appreciate an example.
Thanks for your help.
On Mon, Jan 2, 2012 at 10:16 AM, Amos Jeffries <squid3_at_treenet.co.nz> wrote:
> On 2/01/2012 1:52 p.m., Roman Gelfand wrote:
>>
>> My squid server 3.1.6 sits in dmz. On this server, I am running
>> apache server 2.2.9. My goal is to a) cache OWA responses b) forward
>> https OWA requests to the Apache server on port 8443 c) The Apache
>> server forwards the request to internal exchange server.
>
>
> Why bother with relaying it through Apache? Squid does the job of being a
> proxy better than Apache web server can. Particularly since you already have
> the traffic going through a Squid.
>
>
>>
>> Below is my squid reverse proxy configuration. The domain
>> webmail.mydomain.com resolves to the external interface of the
>> exchange server. However, I am saying, in configuration, that
>> cache_peer is localhost. Nevertheless, the https request is never
>> forwarded to apache server. Rather, it is going directly to the
>> external interface of the exchange server.
>>
>> Where am I going wrong here?
>
>
> You have not provided any info about what the client traffic is actually
> requesting and what the Apache server is responding with when squid tries to
> pass the requests there.
>
> You are missing the cache_peer_access rules to limit what traffic goes
> through Apache. So everything will be attempted.
>
> You are missing never_direct rules denying Squid direct contact with the
> requested domain server.
>
>
>>
>> hierarchy_stoplist cgi-bin
>> acl QUERY urlpath_regex cgi-bin
>> shutdown_lifetime 1 second
>> visible_hostname webmail.mydomain.com
>>
>> #1GB disk cache
>> cache_dir ufs /usr/local/squid/var/cache 1024 16 256
>>
>> maximum_object_size 5 MB
>> cache_mem 1024 MB
>> cache_swap_low 90
>> cache_swap_high 95
>> maximum_object_size_in_memory 512 KB
>>
>> cache_replacement_policy heap LFUDA
>> memory_replacement_policy heap LFUDA
>>
>> https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport
>> cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS
>>
>> Thanks in advance
>
>
Received on Mon Jan 02 2012 - 18:33:57 MST
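
Added example, not part of the original thread or anyone's posted configuration: a squid.conf fragment showing the cache_peer_access and never_direct rules named in the reply, extended to the path-based routing asked about at the top of the message. The hostname webmail.example.com, the peer names, the second backend at 192.0.2.10, the certificate paths and the URL paths are all assumptions.

```conf
# Constructed example in Squid 3.1 syntax. Hostnames, peer names, addresses,
# certificate paths and URL paths are placeholders, not values from the thread.

# Squid terminates TLS on this port, so the ACLs below can see the URL path
# of https requests and route on it.
https_port 443 accel cert=/etc/squid/certs/site.pem key=/etc/squid/certs/site.key defaultsite=webmail.example.com vhost

# Backend 1: the loopback Apache listener on 8443 from the original post.
# sslflags=DONT_VERIFY_PEER is kept from the post; it turns off certificate
# verification on this hop.
cache_peer 127.0.0.1 parent 8443 0 no-query originserver ssl sslflags=DONT_VERIFY_PEER front-end-https=on login=PASS name=owa_backend

# Backend 2: hypothetical second web server, selected by path.
cache_peer 192.0.2.10 parent 80 0 no-query originserver name=app_backend

acl site_webmail dstdomain webmail.example.com
acl path_owa urlpath_regex -i ^/(owa|exchange|public)(/|$)
acl path_app urlpath_regex -i ^/app(/|$)

# Without cache_peer_access, every request is attempted on every peer.
# ACLs on one line are ANDed: right site and right path.
cache_peer_access owa_backend allow site_webmail path_owa
cache_peer_access owa_backend deny all
cache_peer_access app_backend allow site_webmail path_app
cache_peer_access app_backend deny all

# Without never_direct, Squid may resolve the requested domain itself and
# contact that address, bypassing the peers. A request matching neither
# path ACL then gets an error page instead of going direct.
never_direct allow site_webmail

# Accept only requests for the published site.
http_access allow site_webmail
http_access deny all
```

Running `squid -k parse` against the file checks the syntax before the proxy is reloaded.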