Hello all, I looked through the FAQs and archives, but haven't found an answer to this issue. I am setting up a reverse proxy with SSL offloading on a Debian (Lenny) system with Squid3 for multiple sites/servers, including Outlook Web Access (2003). All sites except OWA work fine. SSL offloading works fine. I am able to get the OWA login page, but after attempting login squid displays: Invalid Response The HTTP Response message received from the contacted server could not be understood or was otherwise malformed. Please contact the site operator. Your cache administrator may be able to provide you with more details about the exact nature of the problem if needed. My config: https_port 172.16.10.25:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2 cipher=DEFAULT:!EXPORT:!LOW defaultsite=host1.domain.com vhost https_port 172.16.10.26:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2 cipher=DEFAULT:!EXPORT:!LOW defaultsite=host2.domain.com vhost https_port 172.16.10.27:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2 cipher=DEFAULT:!EXPORT:!LOW defaultsite=host3.domain.com vhost https_port 172.16.10.28:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2 cipher=DEFAULT:!EXPORT:!LOW defaultsite=host4.domain.com vhost https_port 172.16.10.29:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2 cipher=DEFAULT:!EXPORT:!LOW defaultsite=owa.domain.com vhost http_port 80 accel defaultsite=host1.bhamnews.com vhost forwarded_for on # PCI - hide header information via off reply_header_access Server deny all reply_header_access Other deny all reply_header_access X-Cache deny all reply_header_access X-Cache-Lookup deny all httpd_suppress_version_string on # Redirect selected sites to HTTPS url_rewrite_program /etc/squid3/redirect.pl url_rewrite_children 20 url_rewrite_host_header off # Host1 cache_peer 10.50.3.25 parent 80 0 no-query no-digest originserver name=rs login=PASS acl our_sites_rs dstdomain host1.domain.com cache_peer_access rs allow our_sites_rs # Host2 cache_peer 172.16.10.10 parent 80 0 no-query no-digest originserver name=smtp login=PASS acl our_sites_smtp dstdomain host2.domain.com cache_peer_access smtp allow our_sites_smtp # Host3 cache_peer 172.16.10.11 parent 80 0 no-query no-digest originserver name=smtp2 login=PASS acl our_sites_smtp2 dstdomain host3.domain.com cache_peer_access smtp2 allow our_sites_smtp2 # Host4 cache_peer 172.16.10.2 parent 80 0 no-query no-digest originserver name=web1 login=PASS acl our_sites_web1 dstdomain host4.domain.com cache_peer_access web1 allow our_sites_web1 # OWA cache_peer 10.50.3.244 parent 80 0 no-query no-digest originserver login=PASS name=owa acl our_sites_owa dstdomain owa.domain.com cache_peer_access owa allow our_sites_owa acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl blocked_urls url_regex host[2]*.domain.com/include http_access deny blocked_urls http_access allow our_sites_rs http_access allow our_sites_smtp http_access allow our_sites_smtp2 http_access allow our_sites_web1 http_access allow our_sites_owa http_access allow manager all http_access allow manager http_access deny !Safe_ports http_access deny all cache deny all # debug_options ALL,5 access_log /var/log/squid3/access.log squid cache_log /var/log/squid3/cache.log cache_store_log none refresh_pattern . 0 20% 4320 cache_mgr hostmaster@xxxxxxxxxx Thanks for your help! Randy Sargent The Birmingham News
