Re: [squid-users] URL can not be retrieved

From: Rakesh Kumar <rakesh@dont-contact.us>
Date: Mon, 8 Mar 2004 10:58:49 +0300

I have tried httpd_accel directives. The configiration is :

http_port 8080

https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem

acl it_net src e.f.g.0/255.255.255.0

acl all src 0.0.0.0/0.0.0.0

httpd_accel_host i.j.k.l

httpd_accel_port 443

httpd_accel_single_host on

httpd_accel_with_proxy on

#acl acceleratedHost dst i.j.k.l

acl accel_servers dst i.j.k.l

#acl acceleratedPort 443

acl port443 port 443

acl http protocol http

http_access allow accel_servers http port443

http_access allow it_net

http_access deny all

When I enter https://mail.xyz.com I get alert messages telling that "The
document contains no data" and cache.log registers following error:

2004/03/08 10:27:41| clientNegotiateSSL: Error negotiating SSL connection on
FD

10: error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request

Regards,

Rakesh Kumar Jha

*************************************************************

> Now we want to encrypt the mail.xyz.com. For this I have installed

> RH-9, Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following

> config -

> http_port 8080

> https_port 443 cert=/usr/local/ssl/cacert.pem
key=/usr/local/ssl/privkey.pem

> acl it_net src e.f.g.0/255.255.255.0

> http_access allow it_net

You also need to enable acceleration/reverse proxying. See the

httpd_accel_* directivves.

Regards

Henrik

********************************************************

Let me explain our environment...we were running as http://mail.xyz.com. Our
DNS would resolve to IP a.b.c.d and the external firewall will translate
this legal IP to private IP - e.f.g.h which was Squid Reverse Proxy (Squid
V2.4). The squid revserse proxy was accerlerating exchange server OWA IP -
i.j.k.l. There is another firewall between Squid reverse proxy and exchange
server/OWA. This firewall allows traffice between these two on port 80. It
worked perfectly.

http://mail.xyz.com -->>Firewall-1 NAT -->>Squid Reverse

proxy -->>Firewall-2 ---->>>> OWA

IP a.b.c.d -------->>> NAT --->>>>>>> IP e.f.g.h ------------->>> Port 80

----->> IP i.j.k.l

Now we want to encrypt the mail.xyz.com. For this I have installed RH-9,
Squid V2.5-STABLE4, OpenSSL-0.9.7. The squid.conf has following config -

http_port 8080

https_port 443 cert=/usr/local/ssl/cacert.pem key=/usr/local/ssl/privkey.pem

acl it_net src e.f.g.0/255.255.255.0

http_access allow it_net

1. From Squid proxy when I say https://i.j.k.l I can acces the mails. 2. But
from anywher else including proxy server if I say https://mail.xyz.com or
https://a.b.c.d I get error URL: / cannot be retrieved. Why the IP is
getting stripped?

Regards,

Rakesh Kumar Jha

#####################################################################################
DISCLAIMER
Any non-official business related views, opinions and other information presented
in this electronic mail are solely those of the sender/author. Burgan Bank does not
endorse or accept responsibility for these opinions, views or conclusions.

If you are not the addressee indicated in this electronic mail or responsible for
delivering this electronic message to the inteded recipient, you should delete this
message and notify the sender immediately.

Burgan Bank
#####################################################################################
Received on Mon Mar 08 2004 - 01:14:34 MST

This archive was generated by hypermail pre-2.1.9 : Thu Apr 01 2004 - 12:00:01 MST