On 2/01/2012 1:52 p.m., Roman Gelfand wrote:
My squid server 3.1.6 sits in dmz. On this server, I am running apache server 2.2.9. My goal is to a) cache owa responses b) forward https owa requests to the Apache server on port 8443 c) The Apache server forwards the request to internal exchange server.
Why bother with relaying it through Apache? Squid does the job of being a proxy better than Apache web server can. Particularly since you already have the traffic going through a Squid.
Below is my squid reverse proxy configuration. The domain webmail.mydomain.com resolves to the external interface of the exchange server. However, I am saying, in configuration, that cache_peer is localhost. Nevertheless, the https request is never forwarded to apache server. Rather, it is going directly to the external interface of the exchange server. Where am I going wrong here?
You have not provided any info about what the client traffic is actually requesting and what the Apache server is responding with when squid tries to pass the requests there.
You are missing the cache_peer_access rules to limit what traffic goes through Apache. So everything will be attempted.
You are missing never_direct rules denying Squid direct contact with the requested domain server.
hierarchy_stoplist cgi-bin
acl QUERY urlpath_regex cgi-bin
shutdown_lifetime 1 second
visible_hostname webmail.mydomain.com
#1GB disk cache
cache_dir ufs /usr/local/squid/var/cache 1024 16 256
maximum_object_size 5 MB
cache_mem 1024 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 512 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS

Thanks in advance
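
Added example, not part of the original message or of Squid itself: a small Python check that reads a squid.conf and reports the two omissions named in the reply above (an originserver cache_peer with no cache_peer_access rules, and no never_direct allow rule). The ACL name "owa_site" and the FIXED_CONF lines are constructed for illustration and are assumptions, not configuration given in the thread.

```python
# Added example: lint a squid.conf for the two omissions named in the reply.
# SAMPLE_CONF is constructed from directives quoted in the post.
SAMPLE_CONF = """\
visible_hostname webmail.mydomain.com
#1GB disk cache
https_port 443 cert=/etc/apache2/certs/pkey.pem key=/etc/apache2/certs/sitecert.key vhost vport
cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver sslflags=DONT_VERIFY_PEER front-end-https login=PASS
"""

# Constructed: the same config plus routing rules using a hypothetical ACL name.
FIXED_CONF = SAMPLE_CONF + """\
acl owa_site dstdomain webmail.mydomain.com
cache_peer_access 127.0.0.1 allow owa_site
cache_peer_access 127.0.0.1 deny all
never_direct allow owa_site
"""


def directives(conf):
    """Yield the token list of each non-blank, non-comment line."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line.split()


def lint_reverse_proxy(conf):
    """Return findings for origin-server peers that lack routing rules."""
    peers, restricted, never_direct_allow = [], set(), False
    for tok in directives(conf):
        if tok[0] == "cache_peer" and "originserver" in tok[1:]:
            # A peer is referenced by name= if set, otherwise by its hostname.
            name = next((t[5:] for t in tok if t.startswith("name=")), tok[1])
            peers.append(name)
        elif tok[0] == "cache_peer_access" and len(tok) >= 4:
            restricted.add(tok[1])
        elif tok[0] == "never_direct" and len(tok) >= 3 and tok[1] == "allow":
            never_direct_allow = True
    findings = [f"peer {p}: no cache_peer_access rules" for p in peers
                if p not in restricted]
    if peers and not never_direct_allow:
        findings.append("no never_direct allow rule: Squid may go direct to the origin")
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", SAMPLE_CONF), ("fixed", FIXED_CONF)):
        print(label, lint_reverse_proxy(conf) or "ok")
```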