Hi All. I'm currenlty working on a Squid Reverse Proxy to share some website located in my internal network. One of them is Citrix Xenapp 6.5. I'm able to access my Web Interface of Citrix, but not able to launch application. I know that I can use Citrix Secure Gateway, but I try to figure out if I can avoid using CSG and only use Squid as a reverse proxy for that Web Site. I know that citrix is ICA over SSL. I tried different configuration and not able to launch any application. I just want ot know if it's possible to use Squid to replace CSG and ICA over SSL in Squid? My Setup Client -> Firewall -> Squid -> Firewall -> XenApp Srv XenApp Srv setup: Altaddr = 172.16.x.x Secure Access = Gateway Alternate (mycitrix.mydomain.com:443, http://10.0.x.x:81/Scripts/CtxSTA.dll) Firewall setup: Client to Squid = Redirect only 443 to 172.16.x.x Squid to XenApp = Redirect only 81, 80, 443, 1494 and 2598 to 10.0.x.x Squid setup: ... acl SSL_ports port 443 1494 2598 acl Safe_ports port 80 # http .... http_access allow localhost manager http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost ... cache_peer 10.0.x.x parent 443 0 no-query no-digest originserver name=citrix ssl sslcert=/data/certificates/mycitrix.pem sslflags=DONT_VERIFY_PEER,DONT_VERIFY_DOMAIN acl site_citrix dstdomain mycitrix.mydomain.com cache_peer_access citrix allow site_citrix cache_peer_access citrix deny all never_direct allow site_citrix http_access allow site_citrix miss_access allow site_citrix miss_access deny all http_access deny all https_port 172.16.x.x:443 accel vhost cert=/data/certificates/mycitrix.pem ... The client connect to the web interface. The client is able to authenticate and get list of application. When the user click on an application, the Citrix receiver is trying to connect (Message indicated in the detail section), but nothing happen. In my firewall log, nothing is blocked for all of my public, dmz and internal ip address. In Squid access and cache log, I also have nothing. I try also the ProxyUseFQDN=on and nothing happen to. Am I missing a configuration in Squid or Web interface? In the web interface, there are a lot of configs that we can do. Thanks Jonathan
