Reverse Proxy SSL, continued

> > Scenario:
> > 
> > WWW<--SSL-->[Squid 2.26 Reverse Proxy]<--SSL-->[firewall]<--SSL-->[Apache web server]
> > 

I have the above scenario created like so:

squid.conf
-------------------
http_port proxyserver.com:80
https_port proxyserver:443 cert=/etc/httpd/conf.d/squid.crt key=/etc/httpd/conf.d/squid.key defaultsite=webserver.com:8443
cache_peer webserver.com parent 8443 0 no-query originserver
cache_effective_user            squid
cache_effective_group           squid
maximum_object_size_in_memory   5 MB
cache_mem                                   256 MB
cache_swap_low                          94
cache_swap_high                         98
maximum_object_size                 1 GB
cache_dir                                   ufs /var/spool/squid 20480 256 256
cache_mgr                               me@xxxxxx
visible_hostname                        webserver.com
memory_pools                            on
memory_pools_limit                      32 MB
logformat                                   combined %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat                                   vcombined %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h"
access_log                                  /var/log/squid/access.log combined
access_log                                  /var/log/squid/vaccess.log vcombined
cache_store_log                         /var/log/squid/store.log
cache_log                                   /var/log/squid/cache.log
logfile_rotate                          60
collapsed_forwarding                on
vary_ignore_expire                      on
acl         all src 0.0.0.0/0.0.0.0
acl         manager proto cache_object
acl         localhost src 127.0.0.1/255.255.255.255
acl         accel_hosts dst webserver.com proxyserver.com
acl SSL_ports port 443 563
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports 
http_access allow accel_hosts
http_access allow manager localhost
http_access deny manager
http_access deny all
---------------------

However, attempting to browse to the page gives a 400 Bad Request error.
In the squid access.log, all requests produce TCP_MISS:FIRST_UP_PARENT

From the proxy server, I can open a web browser and view
https://webserver.com:8443, so I know there isn't anything at the
firewall level blocking it.

Anyone have any suggestions?
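
An added triage example, not part of the original post: it parses access.log lines written in the `combined` logformat from the squid.conf above and separates errors logged after Squid selected a peer (hierarchy code other than `NONE`) from errors Squid answered without forwarding, such as ACL denials. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Field order follows the 'combined' logformat defined in the squid.conf above:
# %{Host}>h %>a %ui %un [%tl] "%rm %ru  HTTP/%rv" %Hs %<st "referer" "agent" %Ss:%Sh
LINE_RE = re.compile(
    r'(?P<host>\S+) (?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) '
    r'\[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+)\s+HTTP/(?P<ver>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'(?P<squid>[A-Z_]+):(?P<hier>[A-Z_]+)$'
)

# Constructed sample lines (not taken from the poster's logs).
SAMPLE_LOG = """\
webserver.com 203.0.113.7 - - [01/Jan/2007:10:15:02 -0500] "GET http://webserver.com:8443/  HTTP/1.1" 400 512 "-" "Mozilla/5.0" TCP_MISS:FIRST_UP_PARENT
webserver.com 203.0.113.7 - - [01/Jan/2007:10:15:04 -0500] "GET http://webserver.com:8443/favicon.ico  HTTP/1.1" 400 512 "-" "Mozilla/5.0" TCP_MISS:FIRST_UP_PARENT
other.example 198.51.100.9 - - [01/Jan/2007:10:16:40 -0500] "GET http://other.example/  HTTP/1.0" 403 1402 "-" "curl/7.15" TCP_DENIED:NONE
this line was truncated during rotation
"""

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec

def parse_log(text):
    """Parse all non-empty lines; return (records, count_of_unparseable_lines)."""
    parsed = [parse_line(l) for l in text.splitlines() if l.strip()]
    records = [r for r in parsed if r is not None]
    return records, len(parsed) - len(records)

def forwarded_errors(records):
    """Errors on requests Squid tried to forward (proxy-to-origin leg)."""
    return [r for r in records if r["status"] >= 400 and r["hier"] != "NONE"]

def summarize(records):
    """Count requests per (HTTP status, Squid result code, hierarchy code)."""
    return Counter((r["status"], r["squid"], r["hier"]) for r in records)

if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE_LOG)
    for key, n in summarize(recs).most_common():
        print(n, key)
    print("forwarded errors:", len(forwarded_errors(recs)), "unparseable:", bad)
```
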

