Re: [squid-users] URL can not be retrieved

From: Rakesh Kumar <[email protected]>
Date: Mon, 8 Mar 2004 10:43:52 +0300

I have tried httpd_accel directives. The configiration is :

http_port 8080
https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem
acl it_net src e.f.g.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
httpd_accel_host i.j.k.l
httpd_accel_port 443
httpd_accel_single_host on
httpd_accel_with_proxy on
#acl acceleratedHost dst i.j.k.l
acl accel_servers dst i.j.k.l
#acl acceleratedPort 443
acl port443 port 443
acl http protocol http
http_access allow accel_servers http port443
http_access allow it_net
http_access deny all

When I enter https://mail.xyz.com I get alert messages telling that "The
document contains no data" and cache.log registers following error:

2004/03/08 10:27:41| clientNegotiateSSL: Error negotiating SSL connection on
FD
10: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request

Regards,

Rakesh Kumar Jha

*************************************************************
> Now we want to encrypt the mail.xyz.com. For this I have installed
> RH-9, Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following
> config -
>
> http_port 8080
> https_port 443 cert=/usr/local/ssl/cacert.pem
> key=/usr/local/ssl/privkey.pem
>
> acl it_net src e.f.g.0/255.255.255.0
> http_access allow it_net

You also need to enable acceleration/reverse proxying. See the
httpd_accel_* directivves.

Regards
Henrik
********************************************************
Let me explain our environment...we were running as http://mail.xyz.com. Our
DNS would resolve to IP a.b.c.d and the external firewall will translate
this legal IP to private IP - e.f.g.h which was Squid Reverse Proxy (Squid
V2.4). The squid revserse proxy was accerlerating exchange server OWA IP -
i.j.k.l. There is another firewall between Squid reverse proxy and exchange
server/OWA. This firewall allows traffice between these two on port 80. It
worked perfectly.

http://mail.xyz.com -->>Firewall-1 NAT -->>Squid Reverse
proxy -->>Firewall-2 ---->>>> OWA
 IP a.b.c.d -------->>> NAT --->>>>>>> IP e.f.g.h ------------->>> Port
   ----->> IP i.j.k.l

Now we want to encrypt the mail.xyz.com. For this I have installed RH-9,
Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following config -

http_port 8080
https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem

acl it_net src e.f.g.0/255.255.255.0
http_access allow it_net

1. From Squid proxy when I say https://i.j.k.l I can acces the mails.
2. But from anywher else including proxy server if I say
https://mail.xyz.com or https://a.b.c.d I get error URL: / cannot be
retrieved. Why the IP is getting stripped?

Regards,

Rakesh Kumar Jha

#####################################################################################
DISCLAIMER
Any non-official business related views, opinions and other information presented
in this electronic mail are solely those of the sender/author. Burgan Bank does not
endorse or accept responsibility for these opinions, views or conclusions.

If you are not the addressee indicated in this electronic mail or responsible for
delivering this electronic message to the inteded recipient, you should delete this
message and notify the sender immediately.

Burgan Bank
#####################################################################################
Received on Mon Mar 08 2004 - 00:59:36 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST