> >> Specific to your loop-back problem:
> >>
> >> You need to adjust your reverse-proxy configuration to block the
> > CONNECT
> >> method being used to access the peers.
> >
> > Sorry, but can you elaborate on this?
>
>
> The "internal net -> forward proxy" step of the chain uses a CONNECT
> request.
>
> cache_peer BLAH deny CONNECT
>
> is needed to force "internal net -> forward proxy ->
accelerator(self)"
>
> Otherwise requests like "CONNECT owa:443" will be optimized as
> "internal
> net -> accelerator -> OWA ". Even though OWA does not handle CONNECT.
>
> Blocking CONNECT to peer, forces config down to the forward-proxy
> config
> which _is_ allowed to do the looping back bit an de-tunneling the
> CONNECT.
>
As far as I can see, cache_peer doesn't allow a deny parameter, so I
tried the following and get "the requested URL cannot be retried". At
least it's not just hanging:
cache_peer blah
acl OWA dstdomain owa.domain.com
http_access allow OWA
miss_access allow OWA
acl CONNECT method CONNECT
cache_peer_access owa-server deny CONNECT
cache_peer_access owa-server allow OWA
never_direct allow OWA
[normal forward proxy config below]
Thanks,
Alan
Alan Lehman, PE
Associate
alehman_at_gbateam.com
creating remarkable solutions for a higher quality of life
http://www.gbateam.com
9801 Renner Boulevard | Lenexa, KS 66219-9745
913.577.8829 direct | 816.210.8785 mobile | 913.577.8264 fax
Please consider the environment before printing this email.
CONFIDENTIALITY NOTICE: This e-mail message including attachments, if any, is intended for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you.
Received on Sun Feb 15 2009 - 19:28:47 MST
This archive was generated by hypermail 2.2.0 : Sun Feb 22 2009 - 12:00:01 MST