> >> Specific to your loop-back problem: > >> > >> You need to adjust your reverse-proxy configuration to block the > > CONNECT > >> method being used to access the peers. > > > > Sorry, but can you elaborate on this? > > > The "internal net -> forward proxy" step of the chain uses a CONNECT > request. > > cache_peer BLAH deny CONNECT > > is needed to force "internal net -> forward proxy -> accelerator(self)" > > Otherwise requests like "CONNECT owa:443" will be optimized as > "internal > net -> accelerator -> OWA ". Even though OWA does not handle CONNECT. > > Blocking CONNECT to peer, forces config down to the forward-proxy > config > which _is_ allowed to do the looping back bit an de-tunneling the > CONNECT. > As far as I can see, cache_peer doesn't allow a deny parameter, so I tried the following and get "the requested URL cannot be retried". At least it's not just hanging: cache_peer blah acl OWA dstdomain owa.domain.com http_access allow OWA miss_access allow OWA acl CONNECT method CONNECT cache_peer_access owa-server deny CONNECT cache_peer_access owa-server allow OWA never_direct allow OWA [normal forward proxy config below] Thanks, Alan Alan Lehman, PE Associate alehman@xxxxxxxxxxx creating remarkable solutions for a higher quality of life http://www.gbateam.com 9801 Renner Boulevard | Lenexa, KS 66219-9745 913.577.8829 direct | 816.210.8785 mobile | 913.577.8264 fax Please consider the environment before printing this email. CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you.
