Now, you got me curious. k.. I would the reverse proxy to control which server a web request 1) in case of https, forwarded to a web server box based on path 2) in case of http, forwarded based on url and/or path. Please, let me know if this is doable with squid. If so, by all means, I would like to use squid. If you, have an example, I would greatly appreciate it. BTW... if 2) could be done with ssl, I would appreciate an example. Thanks for your help. On Mon, Jan 2, 2012 at 10:16 AM, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote: > On 2/01/2012 1:52 p.m., Roman Gelfand wrote: >> >> My squid server 3.1.6 sits in dmz. On this server, I am running >> apache server 2.2.9. My goal is to a) cash owa responses b) forward >> https owa requests to the Apache server on port 8443 c) The Apache >> server forwards the request to internal exchange server. > > > Why bother with relaying it through Apache? Squid does the job of being a > proxy better than Apache web server can. Particularly since you already have > the traffic going through a Squid. > > >> >> Below, is my squid reverse proxy configuration. The domain >> webmail.mydomain.com resolves to the of external interface of the >> exchange server. However, I am saying, in configuration, that >> cache_peer is localhost. Nevertheless, the https request is never >> forwarded to apache server. Rather, it is going directly to the >> external interface of the exchange server. >> >> Where am I going wrong here? > > > You have not provided any info about what the client traffic is actually > requesting and what the Apache server is responding with when squid tries to > pass the requests there. > > You are missing the cache_peer_access rules to limit what traffic goes > through Apache. So everything will be attempted. > > You are missing never_direct rules denying Squid direct contact with the > requested domain server. > > >> >> hierarchy_stoplist cgi-bin >> acl QUERY urlpath_regex cgi-bin >> shutdown_lifetime 1 second >> visible_hostname webmail.mydomain.com >> >> #1GB disk cache >> cache_dir ufs /usr/local/squid/var/cache 1024 16 256 >> >> maximum_object_size 5 MB >> cache_mem 1024 MB >> cache_swap_low 90 >> cache_swap_high 95 >> maximum_object_size_in_memory 512 KB >> >> cache_replacement_policy heap LFUDA >> memory_replacement_policy heap LFUDA >> >> https_port 443 cert=/etc/apache2/certs/pkey.pem >> key=/etc/apache2/certs/sitecert.key vhost vport >> cache_peer 127.0.0.1 parent 8443 0 ssl no-query originserver >> sslflags=DONT_VERIFY_PEER front-end-https login=PASS >> >> Thanks in advance > >
