Amos, See responses to your questions below. Thanks. > > I have one instance of squid is configured for forward web proxy and > > accelerator for OWA (per the wiki). In order for users to avoid changing > > their proxy settings, I need the forward proxy to be able to access OWA > > going out and back in as follows: > > > > Host on internal net -> forward proxy -> accelerator -> OWA server on > > internal net > > > > It seems like this should work. When I try to access OWA from an > > internal host, the browser hangs and the following eventually appears in > > access.log: > > > > 1233516965.141 12567 [internal host IP] TCP_MISS/000 0 CONNECT > > owa.domain.com:443 - FIRST_UP_PARENT/[owa server IP] - > > > > Any ideas would be most appreciated. > > > > Thanks, > > Alan > > > > (Assuming you have squid-2.6 or later) 3.1.0.3 > > The basic config: > > You can multi-mode squid. Ensure that the reverse-proxy settings are all > at the top of the squid.conf and any forward-proxy settings are following > at the bottom. > Also, the "http_access deny all" detailed to finish the reverse-proxy > config gets removed so that on non-reversed requests squid can drop > through and run the forward-proxy settings. Yup. That's the way it is. My complete config is posted on bug 2572. > > Specific to your loop-back problem: > > You need to adjust your reverse-proxy configuration to block the CONNECT > method being used to access the peers. Sorry, but can you elaborate on this? > > Then check that the domain IP Squid resolves owa.domain.com to is its own > listening https_port. It does: a.b.c.96 > > Amos > CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you.
