Hello all,
I looked through the FAQs and archives, but haven't found an answer to
this issue.
I am setting up a reverse proxy with SSL offloading on a Debian (Lenny)
system with Squid3 for multiple sites/servers, including Outlook Web
Access (2003).
All sites except OWA work fine. SSL offloading works fine. I am able
to get the OWA login page, but after attempting login squid displays:
Invalid Response
The HTTP Response message received from the contacted server could not
be understood or was otherwise malformed. Please contact the site
operator. Your cache administrator may be able to provide you with more
details about the exact nature of the problem if needed.
My config:
https_port 172.16.10.25:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt
key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW defaultsite=host1.domain.com vhost
https_port 172.16.10.26:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt
key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW defaultsite=host2.domain.com vhost
https_port 172.16.10.27:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt
key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW defaultsite=host3.domain.com vhost
https_port 172.16.10.28:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt
key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW defaultsite=host4.domain.com vhost
https_port 172.16.10.29:443 cert=/usr/rprgate/CertAuth/_.domain.com.crt
key=/usr/rprgate/CertAuth/key.pem options=NO_SSLv2
cipher=DEFAULT:!EXPORT:!LOW defaultsite=owa.domain.com vhost
http_port 80 accel defaultsite=host1.bhamnews.com vhost
forwarded_for on
# PCI - hide header information
via off
reply_header_access Server deny all
reply_header_access Other deny all
reply_header_access X-Cache deny all
reply_header_access X-Cache-Lookup deny all
httpd_suppress_version_string on
# Redirect selected sites to HTTPS
url_rewrite_program /etc/squid3/redirect.pl
url_rewrite_children 20
url_rewrite_host_header off
# Host1
cache_peer 10.50.3.25 parent 80 0 no-query no-digest originserver
name=rs login=PASS
acl our_sites_rs dstdomain host1.domain.com
cache_peer_access rs allow our_sites_rs
# Host2
cache_peer 172.16.10.10 parent 80 0 no-query no-digest originserver
name=smtp login=PASS
acl our_sites_smtp dstdomain host2.domain.com
cache_peer_access smtp allow our_sites_smtp
# Host3
cache_peer 172.16.10.11 parent 80 0 no-query no-digest originserver
name=smtp2 login=PASS
acl our_sites_smtp2 dstdomain host3.domain.com
cache_peer_access smtp2 allow our_sites_smtp2
# Host4
cache_peer 172.16.10.2 parent 80 0 no-query no-digest originserver
name=web1 login=PASS
acl our_sites_web1 dstdomain host4.domain.com
cache_peer_access web1 allow our_sites_web1
# OWA
cache_peer 10.50.3.244 parent 80 0 no-query no-digest originserver
login=PASS name=owa
acl our_sites_owa dstdomain owa.domain.com
cache_peer_access owa allow our_sites_owa
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl blocked_urls url_regex host[2]*.domain.com/include
http_access deny blocked_urls
http_access allow our_sites_rs
http_access allow our_sites_smtp
http_access allow our_sites_smtp2
http_access allow our_sites_web1
http_access allow our_sites_owa
http_access allow manager all
http_access allow manager
http_access deny !Safe_ports
http_access deny all
cache deny all
# debug_options ALL,5
access_log /var/log/squid3/access.log squid
cache_log /var/log/squid3/cache.log
cache_store_log none
refresh_pattern . 0 20% 4320
cache_mgr hostmaster_at_domain.com
Thanks for your help!
Randy Sargent
The Birmingham News
Received on Mon Sep 14 2009 - 18:22:41 MDT
This archive was generated by hypermail 2.2.0 : Tue Sep 15 2009 - 12:00:02 MDT