Killing-Time@xxxxxx wrote:
> Hi everyone,
> After a long period of trying and testing, I got squid to work as a transparent reverse proxy.
> The final goal is to place it in front of our company outlook web access server, and I'm trying to get there in small steps.
> My current problem:
> Squid works exactly as it should when connecting to a simple html test site with only text, but when I try to connect to our OWA server through squid, I get the following error message:
> ERROR
> The requested URL could not be retrieved
> --------------------------------------------------------------------------------
> While trying to retrieve the URL: http://office-pc39:11994/exchange
> The following error was encountered:
> Unable to forward this request at this time.
> This request could not be forwarded to the origin server or to any parent caches. The most likely cause for this error is that:
> The cache administrator does not allow this cache to make direct connections to origin servers, and
> All configured parent caches are currently unreachable.
> Your cache administrator is webmaster.
> --------------------------------------------------------------------------------
> Generated Fri, 09 Nov 2007 17:20:00 GMT by office-pc39.local.company.com (squid/2.6.STABLE16)
I have a feeling we saw you a while earlier. Yes?
Does the OWA server really respond to "office-pc39:11994/exchange" normally?
> The html test site is located on the same machine as the OWA server.
> My current squid.conf:
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl Safe_ports port 11994
> acl CONNECT method CONNECT
... none of which are used for anything. nice.
> http_access allow all
You have an open proxy. Yaya! free internet for the world.
> http_port 11994 transparent
> cache_peer 300.200.80.254 parent 80 0 default
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> cache deny QUERY
> access_log c:/squid/var/logs/access.log squid
> coredump_dir c:/squid/var/cache
> ---END of squid.conf
> Does anyone have an idea why this works with normal html, but not with the OWA server?
M$ don't like the color black?
Oh well, you need:
- acl + http_access to block world requesting external websites,
restricting it to the ones you are providing, and/or to internal users only.
- acl + cache_peer_access to restrict the requests going to the OWA
server to ones it knows about and can handle.
- defaultsite on the http_port to fix from all the broken clients out
there.
- check squid is the one listening on the domain OWA is being
provided. OWA server only needs to know what the domain is, to be
resolved from it.
Amos
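
As an added example (not part of the thread and not Squid project code), this Python script checks a squid.conf for the points raised in the reply above: an unrestricted `http_access allow all`, ACLs that are defined but never referenced, an `http_port` without `defaultsite=`, and a `cache_peer` with no `cache_peer_access` rules. The `audit` function, its finding labels and the `HARDENED_CONF` sample (with placeholder domain, address and peer name) are assumptions made for this example.

```python
# squid.conf from the post above (lines unrelated to access control omitted).
POSTED_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 11994
acl CONNECT method CONNECT
http_access allow all
http_port 11994 transparent
cache_peer 300.200.80.254 parent 80 0 default
acl QUERY urlpath_regex cgi-bin \\?
cache deny QUERY
"""
# Constructed sample; owa.example.com, 192.0.2.10 and "owa" are placeholders.
HARDENED_CONF = """\
acl all src 0.0.0.0/0.0.0.0
acl owa_site dstdomain owa.example.com
http_access allow owa_site
http_access deny all
http_port 11994 defaultsite=owa.example.com
cache_peer 192.0.2.10 parent 80 0 default name=owa
cache_peer_access owa allow owa_site
cache_peer_access owa deny all
"""

def audit(conf_text):
    """Return finding strings for the points raised in the reply."""
    rules = [ln.split() for ln in conf_text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    findings, used, acls = [], set(), {}
    for r in rules:
        verb = next((i for i, t in enumerate(r) if t in ("allow", "deny")), None)
        if r[0] == "acl" and len(r) > 1:
            acls[r[1]] = True                      # dict keeps definition order
        elif verb is not None:
            used.update(t.lstrip("!") for t in r[verb + 1:])
            if r[0] == "http_access" and r[verb:] == ["allow", "all"]:
                findings.append("open-proxy")      # anyone may relay through squid
    findings += ["unused-acl:" + a for a in acls if a not in used]
    restricted = {r[1] for r in rules if r[0] == "cache_peer_access" and len(r) > 1}
    for r in rules:
        if r[0] == "http_port" and not any(t.startswith("defaultsite=") for t in r):
            findings.append("no-defaultsite:" + r[1])
        if r[0] == "cache_peer":
            peer = next((t[5:] for t in r if t.startswith("name=")), r[1])
            if peer not in restricted:
                findings.append("peer-unrestricted:" + peer)
    return findings
```

Calling `audit(open(path).read())` on a real configuration returns the same kind of list; an empty list means none of these checks fired.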