Search squid archive

Re: TCP_MISS/401 with rpc over https

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 01/06/11 01:26, Ori Besser wrote:

Hello,
I am trying to use squid as a reverse proxy to a Remote Desktop
Gateway server (part of MS Win Server 2008 R2 Remote Desktop Services)
with no success, I am just getting the login prompt over and over
again and in the access log: TCP_MISS/401 373 RPC_OUT_DATA
https://mydomain/rpc/rpcproxy.dll? - DEFAULT_PARENT/rdsServer
text/plain.

I am using Squid Cache: Version 3.2.0.8 and this is my squid.conf:

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 acl localnet src
10.0.0.0/8 acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access allow localnet
http_access allow localhost

hierarchy_stoplist cgi-bin ?

cache_dir ufs /var/cache/squid 1024 16 256

cache_effective_user proxy
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
store.log is rarely useful and wastes a lot of Disk IO. You can erase this line to gain a bit of speed. 


coredump_dir /var/cache

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320

https_port 443 cert=/etc/squid/certs/x.crt key=/etc/squid/certs/x.key
accel defaultsite=my_external_domain_name
cache_peer ip_of_rd_gateway parent 443 0 no-query originserver
login=PASS connection-auth=on ssl name=rdsServer default

acl RDS dstdomain my_external_domain_name
cache_peer_access rdsServer allow RDS
cache_peer_access rdsServer deny all
http_access allow RDS
http_access deny all
miss_access allow RDS
miss_access deny all


The certificate is OK, I have no issues connecting to the rd web
access site and even authenticate on it, just when a connection is
attempted to the rd gateway I am getting the login prompts.

Does anyone knows about some magic that can solve this?

Thanks.


 http://wiki.squid-cache.org/ConfigExamples/Reverse/ExchngeRpc
* login=PASS uses Basic auth protocol. Check that Exchange is configured to match. 

NP: for something more secure 3.2 can do login=NEGOTIATE for Kerberos.
You may also be able to use "login=PASSTHRU connection-auth=on", but we have not checked that yet with Exchange. 

Amos
--
Please be using
  Current Stable Squid 2.7.STABLE9 or 3.1.12
  Beta testers wanted for 3.2.0.8 and 3.1.12.2
[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux