Hi list,
I'm trying to set up a squid reverse proxy for an Outlook Web Access
webmail server. I want the connection to squid to be encrypted with SSL,
but the connection to the web server to be simple HTTP, ie:
client_browser <---HTTPS---> squid <---HTTP---> outlook_web_access
Below is the config that I currently have on squid:
---------------------------------------
https_port 1.2.3.4:443 cert=/etc/shv-ssl/CertAuth/testcert.cert
key=/etc/shv-ssl/CertAuth/testkey.pem
cache_peer 10.0.0.1 parent 80 0 no-query originserver login=PASS
front-end-https=on name=OWA
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl CONNECT method CONNECT
# Deny requests to unknown ports
http_access deny !SSL_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
visible_hostname reverse-proxy.example.com
cache_access_log /var/log/squid/reverse-access.log
cache_log /var/log/squid/reverse-cache.log
cache_store_log /var/log/squid/reverse-store.log
---------------------------------------
I was getting errors telling me that the access was denied due to ACL
rules, but now I'm getting:
---------------------------------------
The following error was encountered:
* Invalid Request
Some aspect of the HTTP Request is invalid. Possible problems:
* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed
---------------------------------------
The squid access log has the following entry:
---------------------------------------
1222780606.494 46 83.67.67.3 TCP_DENIED/400 1586 GET
error:invalid-request - NONE/- text/html
---------------------------------------
Can anyone give me any idea of where I'm going wrong?
Russ
---
This message has been scanned by the Navaho Mail Service and is believed to be clean.
---
