Re: [squid-users] Re: SSL Reverse Proxy to Exchange 2003 OWA

From: Rakesh Kumar <[email protected]>
Date: Wed, 29 Dec 2004 16:48:18 +0300

Dear Squid GURU,
There are many such error messages in cache.log. SQUID does not shut down
with each such message. I see at least 15-16 such error messages after which
squid is stopped. I am sure nobody issued "Control-C" though I was starting
squid with -DYNCd3 options.
I have tried starting squid like /usr/local/squid/sbin/squid but no
process starts. I could start squid with -N option only. Though in
squid-2.5STABLE7 I could start squid only with ./squid command. While I am
writing this mail I have already seen 10 error messages -
"clientNegotiateSSL: Error negotiating SSL connection on FD
91: error:00000000:lib(0):func(0):reason(0) (5/0)" and squid is still
running.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
I am running Squid-3 PRE3 on RH9 without any squid patch as I could not
install the patches listed at the site. My squid.conf is as follows:-

http_port 8080
https_port w.x.y.z:443 defaultsite=mail.xyz.com protocol=http cert=/usr/local/ssl/mail.xyz.com.crt key=/usr/local/ssl/mail.xyz.com.key
ssl_unclean_shutdown on
icp_port 3130
cache_peer mail.xyz.com parent 80 0 no-query proxy-only originserver login=PASS front-end-https=on

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_dir ufs /usr/local/squid/var/cache 100 16 256
access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl owa_host dst a.b.c.d/255.255.255.255
acl it_net src 10.1.1.0/255.255.255.0
acl all_dst dst 0.0.0.0/0.0.0.0
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow owa_host
http_access allow it_net
http_access deny all
http_reply_access allow all_dst
icp_access allow all
cache_effective_user squid
visible_hostname Squid-Rev
coredump_dir /usr/local/squid/var/cache
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
My question - 1. Am I doing anything wrong? With Squid-2.5STABLE5 and
Exchange 5 OWA, we were very stable.
2. Do I need to install any patch? How can I do that? I got stuck when I needed
to choose the target file (to be patched).

Lot of thanks....

Rakesh Jha
----- Original Message -----
From: "Henrik Nordstrom" <hno@squid-cache.org>
To: "Rakesh Kumar" <rakesh@burgan.com.kw>
Cc: <squid-users@squid-cache.org>; "Henrik Nordstrom" <hno@squid-cache.org>
Sent: Tuesday, December 28, 2004 04:12 PM
Subject: [squid-users] Re: SSL Reverse Proxy to Exchange 2003 OWA

>
>
> On Tue, 28 Dec 2004, Rakesh Kumar wrote:
>
> > With Squid-3 I have started working well with OWA but now facing another
> > problem. After some two-three connections I am getting following error in
> > cache.log -
> >
> > 2004/12/28 12:42:11| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:00000000:lib(0):func(0):reason(0) (5/0)
>
> This is usually seen when the client aborts the connection during the
> initial SSL negotiations.
>
> > 2004/12/28 12:43:17| Preparing for shutdown after 236 requests
>
> This is someone terminating Squid, either with "Control-C" if run
> interactively or by "squid -k shutdown".
>
> Regards
> Henrik
>

Received on Wed Dec 29 2004 - 03:46:49 MST
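
An added example, not part of the original message or of Squid: a small Python triage of cache.log that separates the all-zero clientNegotiateSSL errors, which Henrik attributes to clients aborting during negotiation, from handshake failures that carry a real OpenSSL error code, and lists shutdown events. The sample lines are constructed in the format quoted in the thread, and reading an all-zero error code as "client went away" is an assumption based on Henrik's reply.

```python
import re

# Constructed sample lines in the cache.log format quoted in this thread.
# The third line (non-zero OpenSSL error code) is invented for contrast.
SAMPLE_LOG = """\
2004/12/28 12:42:11| clientNegotiateSSL: Error negotiating SSL connection on FD 36: error:00000000:lib(0):func(0):reason(0) (5/0)
2004/12/28 12:42:40| clientNegotiateSSL: Error negotiating SSL connection on FD 91: error:00000000:lib(0):func(0):reason(0) (5/0)
2004/12/28 12:42:55| clientNegotiateSSL: Error negotiating SSL connection on FD 40: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number (1/-1)
2004/12/28 12:43:17| Preparing for shutdown after 236 requests
"""

SSL_ERR = re.compile(
    r"^(?P<ts>\S+ \S+)\| clientNegotiateSSL: Error negotiating SSL connection"
    r" on FD (?P<fd>\d+): error:(?P<code>[0-9A-Fa-f]{8}):(?P<detail>.*)"
    r" \((?P<a>-?\d+)/(?P<b>-?\d+)\)\s*$")
SHUTDOWN = re.compile(
    r"^(?P<ts>\S+ \S+)\| Preparing for shutdown after (?P<n>\d+) requests")


def summarize(log_text):
    """Split SSL negotiation errors by OpenSSL error code; collect shutdowns."""
    report = {"aborted": [], "handshake_errors": [], "shutdowns": []}
    for line in log_text.splitlines():
        m = SSL_ERR.match(line)
        if m:
            entry = (m.group("ts"), int(m.group("fd")), m.group("detail"))
            # Assumption: an all-zero code means OpenSSL queued no error, i.e.
            # the peer dropped the connection mid-handshake (Henrik's reading).
            zero = int(m.group("code"), 16) == 0
            report["aborted" if zero else "handshake_errors"].append(entry)
            continue
        m = SHUTDOWN.match(line)
        if m:
            report["shutdowns"].append((m.group("ts"), int(m.group("n"))))
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("client aborts:   ", len(result["aborted"]))
    print("handshake errors:", result["handshake_errors"])
    print("shutdowns:       ", result["shutdowns"])
```

Entries under handshake_errors are the ones worth reading in detail; a shutdown line with no matching operator action points to something outside the SSL errors.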
