On 12/03/2012 6:53 p.m., kadvar wrote:
Hi, I have searched for other posts with the same problem but the workarounds that worked for them didn't work for me. I am trying to configure a squid reverse proxy with ssl support. I have squid on 192.168.124.41 with apache on 127.0.0.1 on the same box. I also have two other webservers (1 apache, 1 IIS). Squid is configured to direct any requests for asp pages to iis and the rest to the apache machine.

I have also configured squid to use https, the programmer has set up a 302 redirect on the iis machine so that visiting http://example.com/Login.aspx redirects to https://example.com/Login.aspx. Squid redirects fine but after that gives me a "The page isn't redirecting properly". Running wget shows that squid is going into an endless loop. I have reproduced squid.conf and also the wget output below.

$wget --no-check http://192.168.124.41/Login.aspx
--2012-03-12 11:06:53-- http://192.168.124.41/Login.aspx
Connecting to 192.168.124.41:80... connected.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://example.com/Login.aspx [following]
--2012-03-12 11:06:53-- https://example.com/Login.aspx
Resolving example.com... 192.168.124.41
Connecting to example.com|192.168.124.41|:443... connected.
WARNING: cannot verify example.com’s certificate, issued by “/C=IN/ST=AP/L=Default City/O=Default Company Ltd/CN=example.com/emailAddress=admin@xxxxxxxxxxx”:
  Unable to locally verify the issuer’s authority.
HTTP request sent, awaiting response... 302 Moved Temporarily
Location: https://example.com/memberplanet/Login.aspx [following]
and so on..............

The problem is that Squid is sending HTTPS traffic to an HTTP port on IIS. Requests to origin servers do not include anything specifically saying HTTP or HTTPS. The server tells that from the port it's receiving the request on.
There is a trick you can add to your squid.conf to split traffic between two ports on the IIS peer....
########################## squid.conf #########################
http_port 192.168.124.41:80 accel defaultsite=example.com
https_port 192.168.124.41:443 accel cert=/usr/newrprgate/CertAuth/testcert.cert key=/usr/newrprgate/CertAuth/testkey.pem defaultsite=example.com
acl rx_aspx urlpath_regex -i \.asp[x]*
acl HTTPS proto HTTPS
cache_peer 192.168.124.169 parent 80 0 no-query no-digest originserver name=aspserver
cache_peer_access aspserver deny HTTPS
cache_peer_access aspserver allow rx_aspx
cache_peer_access aspserver deny all
cache_peer 192.168.124.169 parent 443 0 no-query no-digest originserver name=aspserverSSL
cache_peer_access aspserverSSL allow HTTPS rx_aspx
cache_peer_access aspserverSSL deny all
cache_peer 127.0.0.1 parent 80 0 no-query originserver name=wb1
cache_peer_access wb1 deny rx_aspx
acl origin_servers dstdomain .example.com
http_access allow origin_servers
http_access deny all
###########################

I'd appreciate it if someone could give me some clues as to what I'm doing wrong.
That should fix the looping.

Amos
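
The peer selection discussed in this thread, as an added toy model that is not part of either message and is not Squid code: it evaluates the cache_peer_access rules from the config before and after the suggested lines and follows the redirect the way wget does. It assumes the origin redirects unless the request arrives on port 443, that Squid actually speaks TLS to the port 443 peer, and a simplified rule evaluation (first matching line wins, otherwise the opposite of the last line).

```python
import re

# ACLs from the squid.conf in this thread, as predicates on a request dict.
ACLS = {
    "rx_aspx": lambda r: re.search(r"\.asp[x]*", r["path"], re.I) is not None,
    "HTTPS": lambda r: r["proto"] == "https",
    "all": lambda r: True,
}

# (peer name, origin port, cache_peer_access rules in order)
BEFORE = [
    ("aspserver", 80, [("allow", ["rx_aspx"]), ("deny", ["all"])]),
    ("wb1", 80, [("deny", ["rx_aspx"])]),
]
AFTER = [
    ("aspserver", 80, [("deny", ["HTTPS"]), ("allow", ["rx_aspx"]), ("deny", ["all"])]),
    ("aspserverSSL", 443, [("allow", ["HTTPS", "rx_aspx"]), ("deny", ["all"])]),
    ("wb1", 80, [("deny", ["rx_aspx"])]),
]

def allowed(rules, req):
    """First rule whose ACLs all match decides; otherwise the opposite of the last rule."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action == "allow"
    return rules[-1][0] == "deny"

def select_peer(peers, req):
    """Return (name, port) of the first peer whose rules allow the request."""
    for name, port, rules in peers:
        if allowed(rules, req):
            return name, port
    return None, None

def origin_status(port):
    """Assumed origin behaviour: 302 to https unless the request arrived on 443."""
    return 200 if port == 443 else 302

def follow(peers, path, max_hops=5):
    """Follow the redirect like wget does; return (outcome, peers visited)."""
    req, trail = {"proto": "http", "path": path}, []
    for _ in range(max_hops):
        name, port = select_peer(peers, req)
        trail.append(f"{name}:{port}")
        if origin_status(port) == 200:
            return "ok", trail
        req["proto"] = "https"  # client follows Location: https://...
    return "loop", trail

if __name__ == "__main__":
    print(follow(BEFORE, "/Login.aspx"))
    print(follow(AFTER, "/Login.aspx"))
```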