Re: [squid-users] squid 3.1 - endless loop IIS webserver

From: Amos Jeffries <squid3_at_treenet.co.nz>
Date: Tue, 13 Mar 2012 00:38:26 +1300

On 12/03/2012 6:53 p.m., kadvar wrote:
> Hi,
>
> I have searched for other posts with the same problem but the workarounds
> that worked for them didn't work for me. I am trying to configure a squid
> reverse proxy with ssl support. I have squid on 192.168.124.41 with apache
> on 127.0.0.1 on the same box. I also have two other webservers (1 apache, 1
> IIS). Squid is configured to direct any requests for asp pages to iis and
> the rest to the apache machine.
>
> I have also configured squid to use https, the programmer has set up a 302
> redirect on the iis machine so that visiting http://example.com/Login.aspx
> redirects to https://example.com/Login.aspx. Squid redirects fine but after
> that gives me a "The page isn't redirecting properly". Running wget shows
> that squid is going into an endless loop. I have reproduced squid.conf and
> also the wget output below.
>
> $wget --no-check http://192.168.124.41/Login.aspx
> --2012-03-12 11:06:53-- http://192.168.124.41/Login.aspx
> Connecting to 192.168.124.41:80... connected.
> HTTP request sent, awaiting response... 302 Moved Temporarily
> Location: https://example.com/Login.aspx [following]
> --2012-03-12 11:06:53-- https://example.com/Login.aspx
> Resolving example.com... 192.168.124.41
> Connecting to example.com|192.168.124.41|:443... connected.
> WARNING: cannot verify example.com’s certificate, issued by
> “/C=IN/ST=AP/L=Default City/O=Default Company
> Ltd/CN=example.com/emailAddress=admin_at_example.com”:
> Unable to locally verify the issuer’s authority.
> HTTP request sent, awaiting response... 302 Moved Temporarily
> Location: https://example.com/memberplanet/Login.aspx [following]
>
> and so on..............

The problem is that Squid is sending HTTPS traffic to an HTTP port on
IIS. Requests to origin servers do not include anything specifically
saying HTTP or HTTPS. The server tells that from the port it's receiving
the request on.

There is a trick you can add to your squid.conf to split traffic between
two ports on the IIS peer....

>
> ##########################
> squid.conf
> #########################
> http_port 192.168.124.41:80 accel defaultsite=example.com
>
> https_port 192.168.124.41:443 accel
> cert=/usr/newrprgate/CertAuth/testcert.cert
> key=/usr/newrprgate/CertAuth/testkey.pem defaultsite=example.com
>
> acl rx_aspx urlpath_regex -i \.asp[x]*

acl HTTPS proto HTTPS

> cache_peer 192.168.124.169 parent 80 0 no-query no-digest originserver
> name=aspserver
cache_peer_access aspserver deny HTTPS

> cache_peer_access aspserver allow rx_aspx
> cache_peer_access aspserver deny all

# ssl: speak TLS to the IIS 443 port (needs a Squid built with --enable-ssl);
# if IIS has a self-signed cert, point sslcafile= at it rather than DONT_VERIFY_PEER
cache_peer 192.168.124.169 parent 443 0 no-query no-digest originserver ssl
name=aspserverSSL
cache_peer_access aspserverSSL allow HTTPS rx_aspx
cache_peer_access aspserverSSL deny all

>
> cache_peer 127.0.0.1 parent 80 0 no-query originserver name=wb1
> cache_peer_access wb1 deny rx_aspx
>
> acl origin_servers dstdomain .example.com
> http_access allow origin_servers
> http_access deny all
> ###########################
>
> I'd appreciate it if someone could give me some clues as to what I'm doing
> wrong.

That should fix the looping.

Amos
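Added example, not part of Amos's reply or of Squid itself: a small Python redirect follower with a hop limit and repeat detection, so the loop wget ran into above is reported instead of followed forever, plus a constructed stand-in for Squid and the IIS peer that encodes the point of the reply (IIS picks http vs https from the port it is hit on) and shows the one-peer config looping while the two-peer split does not. The `http_fetch` helper, the `connect_to`/`verify` parameters and the stub backend's behaviour are my assumptions, modelled on the wget output in the thread.

```python
"""Redirect-loop checker for a reverse proxy, with a stub of the thread's setup.

Constructed example; the real fetcher is plain stdlib so it can be pointed
at a live proxy, the stub runs offline.
"""
import ssl
import http.client
from functools import partial
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}


def http_fetch(url, connect_to=None, verify=True):
    """One GET, no redirect following; returns (status, Location or None).

    connect_to: address to open the socket to while still sending the real
    Host header (same effect as the thread's example.com -> 192.168.124.41
    hosts entry). verify=False mirrors wget --no-check-certificate; you will
    need it whenever connect_to is an IP, since hostname checking would fail.
    """
    u = urlsplit(url)
    host = u.hostname
    port = u.port or (443 if u.scheme == "https" else 80)
    target = connect_to or host
    if u.scheme == "https":
        ctx = ssl.create_default_context()
        if not verify:
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(target, port, context=ctx, timeout=10)
    else:
        conn = http.client.HTTPConnection(target, port, timeout=10)
    path = u.path or "/"
    if u.query:
        path += "?" + u.query
    conn.request("GET", path, headers={"Host": host})
    resp = conn.getresponse()
    status, location = resp.status, resp.getheader("Location")
    conn.close()
    return status, location


def follow(url, fetch, max_hops=10):
    """Follow Location headers like wget, but stop on an exact repeat of a URL
    already visited or after max_hops. Returns (final_status, chain, looped).
    A looped result whose chain keeps growing (new path every hop) is exactly
    what the wget transcript in the thread shows; the hop limit catches that
    case, the repeat check catches the simpler one."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(url)
        if status not in REDIRECTS or not location:
            return status, chain, False
        if location in chain:
            chain.append(location)
            return status, chain, True
        chain.append(location)
        url = location
    return None, chain, True


def make_stub(split_by_scheme):
    """Constructed stand-in for Squid in front of the IIS peer (assumption,
    not real Squid code). IIS decides http vs https from the port the request
    arrived on: on 80 it 302s .aspx hits to https://, on 443 it serves them.
    split_by_scheme=False models the original squid.conf (everything to the
    port-80 peer); True models the proto HTTPS -> port-443 peer split."""
    def fetch(url):
        u = urlsplit(url)
        peer_port = 443 if (split_by_scheme and u.scheme == "https") else 80
        if peer_port == 80 and u.path.lower().endswith(".aspx"):
            return 302, f"https://{u.hostname}{u.path}"
        return 200, None
    return fetch


if __name__ == "__main__":
    # Offline: the two configurations against the stub.
    for split in (False, True):
        print("split peers" if split else "single peer",
              follow("http://example.com/Login.aspx", make_stub(split)))
    # Live (values from the thread; adjust to taste):
    # live = partial(http_fetch, connect_to="192.168.124.41", verify=False)
    # print(follow("http://example.com/Login.aspx", live))
```

The first run prints a loop after two hops (http hits port 80, gets sent to https, https hits port 80 again); the second ends with a 200 from the 443 peer. Against a real proxy, swap in the `partial(http_fetch, ...)` line.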
Received on Mon Mar 12 2012 - 11:38:30 MDT

This archive was generated by hypermail 2.2.0 : Tue Mar 13 2012 - 12:00:09 MDT